Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29751
HistorySep 09, 2013 - 12:00 a.m.

CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability

2013-09-0900:00:00
vulners.com
77
JSON

Application Performance Guard
Vendor CapaSystems
Link http://www.capasystems.com/it-performance-monitorin

Discovered by Kerem Kocaer <kerem.kocaer(at)gmail(dot)com>

Problem

Path traversal vulnerability in the "download logs" section allows remote attackers to read
arbitrary files by intercepting and modifying the file path in an HTTP request to "uploadreader.jsp".

The vulnerability is confirmed to exist in version 6.1.27. Other versions may also be vulnerable.

Exploit

This issue can be exploited with a web browser and a proxy tool to intercept and modify parameters
sent to: http://[address]/logreader/uploadreader.jsp

Fix

The vendor has reported fixing the problem in version 6.2.102.
Bug Fix PG-8050 (http://capawiki.capasystems.com/display/pgdoc/PG+6.2.102&#41;

Timeline

2013-05-16 Provided details to CapaSystems
2013-06-07 Performance Guard version 6.2.102 released (with Bug fix PG-8050)

Reference

CVE Number: CVE-2013-5216

Related

prion 1
zdt 1
packetstorm 1
cve 1
securityvulns 1
prion
prion
Directory traversal
2013-09-12 18:37:00
zdt
zdt
Performance Guard Arbitrary File Read / Traversal Vulnerabilities
2013-08-30 00:00:00
packetstorm
packetstorm
Performance Guard Arbitrary File Read / Traversal
2013-08-29 00:00:00
cve
cve
CVE-2013-5216
2013-09-12 18:37:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-09-09 00:00:00
JSON
Related for SECURITYVULNS:DOC:29751
prion1zdt1packetstorm1cve1securityvulns1