From: kerem.kocaer_(at)_gmail.com <kerem.kocaer_(at)_gmail.com>
Date: September 9, 2013
Subject: CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability



Application    Performance Guard
Vendor         CapaSystems
Link           http://www.capasystems.com/it-performance-monitorin

Discovered by  Kerem Kocaer <kerem.kocaer(at)gmail(dot)com>

Problem
-------
Path traversal vulnerability in the "download logs" section allows remote attackers to read
arbitrary files by intercepting and modifying the file path in an HTTP request to "uploadreader.jsp".

The vulnerability is confirmed to exist in version 6.1.27. Other versions may also be vulnerable.

Exploit
-------
This issue can be exploited with a web browser and a proxy tool to intercept and modify parameters
sent to: http://[address]/logreader/uploadreader.jsp

Fix
---
The vendor has reported fixing the problem in version 6.2.102.
Bug Fix PG-8050 (http://capawiki.capasystems.com/display/pgdoc/PG+6.2.102)


Timeline
--------
2013-05-16 Provided details to CapaSystems
2013-06-07 Performance Guard version 6.2.102 released (with Bug fix PG-8050)


Reference
---------
CVE Number: CVE-2013-5216
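
The advisory does not describe how the vendor fixed the issue. The block below is an added example, not CapaSystems code and not part of the original advisory: a server-side containment check of the kind that closes the path traversal described under "Problem" in a log-download handler. The class and method names, the sample directory layout and the use of Java 11+ are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example with hypothetical names: resolve a client-supplied log name
// and refuse anything that ends up outside the log directory.
public class LogPathResolver {

    /** Returns the real path of the requested log, or throws if it escapes baseDir. */
    static Path resolve(Path baseDir, String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("invalid log name");
        }
        Path base = baseDir.toRealPath();                      // canonical base, symlinks resolved
        Path candidate = base.resolve(requested).normalize();  // collapses "." and ".." segments
        if (!candidate.startsWith(base)) {                     // component-wise prefix comparison
            throw new SecurityException("path escapes log directory");
        }
        Path real = candidate.toRealPath();                    // must exist; follows symlinks
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file inside log directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: <tmp>/logs/agent.log and <tmp>/secret.txt
        Path root = Files.createTempDirectory("pg-demo");
        Path logs = Files.createDirectory(root.resolve("logs"));
        Files.writeString(logs.resolve("agent.log"), "sample log line\n");
        Files.writeString(root.resolve("secret.txt"), "outside the log directory\n");

        // Constructed inputs: two legitimate names, a relative escape,
        // an absolute path, and a file that does not exist.
        String[] inputs = { "agent.log", "./agent.log", "../secret.txt",
                            root.resolve("secret.txt").toString(), "missing.log" };
        for (String in : inputs) {
            try {
                System.out.println("ALLOW " + in + " -> " + resolve(logs, in));
            } catch (SecurityException | IOException e) {
                System.out.println("DENY  " + in + " (" + e.getClass().getSimpleName() + ")");
            }
        }
    }
}
```

The second `startsWith` check after `toRealPath()` matters when the log directory can contain symbolic links, since `normalize()` alone is purely lexical and does not follow them.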

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod