Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27123
HistoryOct 04, 2011 - 12:00 a.m.

DDIVRT-2011-34 Metropolis Technologies OfficeWatch Directory Traversal

2011-10-0400:00:00
vulners.com
31
JSON

Title

DDIVRT-2011-34 Metropolis Technologies OfficeWatch Directory Traversal

Severity

High

Date Discovered

August 15, 2011

Discovered By

Digital Defense, Inc. Vulnerability Research Team
Credit: Chris Graham and r@b13$

Vulnerability Description

Metropolis Technologies OfficeWatch enables a web server on TCP port 80 that is susceptible to a directory traversal. An attacker may send a …/ (dot-dot-slash) sequence to traverse out of the web root and access arbitrary files on the host.

Solution Description

Until a patch is released by the vendor, it is recommended to restrict access to the web server to authorized hosts only. Access controls can be configured through Windows firewall.

Tested Systems / Software

Metropolis Technologies OfficeWatch for Windows 2000/XP/2003/Vista Version 2011.06.20

Tested on Windows Server 2003 and XP

Vendor Contact

[email protected]

JSON