Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17171
HistoryJun 03, 2007 - 12:00 a.m.

[Full-disclosure] APC PowerChute Network Shutdown 2.21 is vulnerable to directory transversal

2007-06-0300:00:00
vulners.com
25
JSON

Synopsis: APC PowerChute Network Shutdown 2.21 is vulnerable to directory
transversal

Background: APC PowerChute Network Shutdown is used to perform graceful
shutdowns of network servers from one main server.

Affected Versions: <= 2.21 build 116

Description: APC PowerChute Network Shutdown is vulnerable to a directory
transversal by appending special characters such as %5c and %2e to the end
of a URL. This is due to an existing vulnerability in Acme.Serve which is a
Java HTTP server which PowerChute Network Shutdown is built on.

Vendor Notified April 9th 2007
Vendor Response April 10th 2007 "A fix is being worked on for the next
release."

April 25th 2007 Spoke to vendor again, no ETA.

May 3rd 2007 No ETA.

June 1st 2007 No ETA.

Reference: CVE-2001-0748

http://xforce.iss.net/xforce/xfdb/6634

http://www.securityfocus.com/bid/2809

http://www.apc.com/products/family/index.cfm?id=127

http://www.acme.com/java/software/Acme.Serve.Serve.html

Chris Castaldo

"An ounce of prevention is worth a pound of cure."

Related

cve 1
cisco 1
securityvulns 2
cve
cve
CVE-2001-0748
2001-10-18 04:00:00
cisco
cisco
Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
2002-07-02 18:00:00
securityvulns
securityvulns
Удаленный доступ через Acme &#40;remote unauthorized access&#41;
2001-06-02 00:00:00
APC PowerChute Network Shutdown directory traversal
2007-06-03 00:00:00
JSON
Related for SECURITYVULNS:DOC:17171
cve1cisco1securityvulns2