APC PowerChute Network Shutdown directory traversal - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

APC PowerChute Network Shutdown directory traversal
Published: 03.06.2007
Source: FULL-DISCLOSURE
SecurityVulns ID: 7771
Type: remote
Level: 6/10
Description: Directory traversal in Acme.Serve embedded web server with %5c and %2e.

Affected: APC : PowerChute Network Shutdown 2.21
CVE: CVE-2001-0748 (Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.)

Original document guiness.stout, [Full-disclosure] APC PowerChute Network Shutdown 2.21 is vulnerable to directory transversal (03.06.2007)

Discuss: Read or add your comments to this news (0 comments)