SECURITYVULNS:DOC:31123
Sep 29, 2014

Glype proxy cookie jar path traversal allows code execution


Securify, September 2014


Abstract

A path traversal vulnerability has been identified in the Glype
web-based proxy that allows an attacker to run arbitrary PHP code on the
server or to remove critical files from the filesystem. This only
affects servers that are configured to:

  • store Glype cookies locally; AND
  • disable PHP display_errors; AND
  • allow the webserver process to write to the filesystem (document
    root).
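
The bug class named above, shown from the defensive side as an added example (not Glype's code and not taken from the advisory): a cookie-jar file path is built from a client-supplied identifier only after an allowlist check and a containment check. The function name, identifier format and `.jar` suffix are assumptions; the page does not describe how Glype names its cookie files.

```php
<?php
// Added example, not Glype code. The function name, the identifier format and
// the directory layout are assumptions made for illustration.

/**
 * Map an untrusted client identifier to a cookie-jar file inside $jarDir.
 * Returns the absolute path, or null if the identifier is rejected.
 */
function cookie_jar_path(string $jarDir, string $clientId): ?string
{
    // Allowlist: accept only a plain alphanumeric token, so "/", "\", "."
    // and NUL bytes can never reach the filesystem layer.
    if (!preg_match('/\A[A-Za-z0-9]{16,64}\z/', $clientId)) {
        return null;
    }
    $base = realpath($jarDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    $path = $base . DIRECTORY_SEPARATOR . $clientId . '.jar';
    // Defence in depth: the parent of the final path must still be $base.
    if (dirname($path) !== $base) {
        return null;
    }
    // Refuse to follow a symlink planted inside the jar directory.
    if (is_link($path)) {
        return null;
    }
    return $path;
}

// Constructed sample input, run from the CLI.
$jarDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'jar_demo';
if (!is_dir($jarDir)) {
    mkdir($jarDir, 0700);
}
$samples = [
    'a3f9c2d17b8e4f60a1b2c3d4e5f60718', // well-formed token
    '../../index',                       // traversal sequence
    "abcdabcdabcdabcd\0.php",            // embedded NUL byte
    'abcdabcdabcdabcd/evil',             // path separator
];
foreach ($samples as $id) {
    $result = cookie_jar_path($jarDir, $id);
    printf("%-40s => %s\n", json_encode($id), $result ?? 'REJECTED');
}
```

Keeping the jar directory outside the document root and not writable for anything else limits the impact if a check like this is ever bypassed.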

Affected versions

This issue has been identified in Glype 1.4.9. Older versions are most
likely affected as well.


Fix

Glype was informed and a fixed version (1.4.10) is now available at
www.glype.com.


Details

http://www.securify.nl/advisory/SFY20140901/glype_proxy_cookie_jar_path_traversal_allows_code_execution.html