Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18509
HistoryNov 27, 2007 - 12:00 a.m.

2007-06 Sentinel Protection Server Directory Traversal

2007-11-2700:00:00
vulners.com
37
JSON

Title

Sentinel Protection Server Directory Traversal

Severity

High

Date Discovered

October 10th, 2007

Discovered By

Digital Defense, Inc. Vulnerability Research Team
Credit: Corey Lebleu

Vulnerability Description

A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system.

Solution Description

Digital Defense, Inc. initially notified SafeNet on October 12, 2007 and received confirmation from the notification on October 30, 2007. SafeNet informed DDI that it would be releasing a patch for this flaw on November 16, 2007. At this time, DDI does not have a resolution number for the SafeNet patch for this flaw.

Tested Systems / Software (with versions)

Sentinel Protection Server 7.1
Other versions may be vulnerable to this flaw.

Vendor Contact

SafeNet
http://www.safenet-inc.com/

JSON