Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20908
HistoryNov 24, 2008 - 12:00 a.m.

DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal

2008-11-2400:00:00
vulners.com
10
JSON

Title

DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal

Severity

High

Date Discovered

October 2, 2008

Discovered By

Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r@b13$

Vulnerability Description

The iPhone Configuration Web Utility allows centralized management of iPhone configuration
settings. The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a
common web directory traversal attack. Successful exploitation will result in arbitrary read-only
file access outside of the iPhone Configuration Web Utility 1.0 web root.

Solution Description

Filter network traffic so that only trusted users can access the web interface.

Tested Systems / Software (with versions)

Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows

Vendor Contact

Vendor Name: Apple Inc.
Vendor Website: www.apple.com

JSON