header-logo
Suggest Exploit
vendor:
SuperScout WebFilter Reports Server
by:
SecurityFocus
8.8
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: SuperScout WebFilter Reports Server
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2002-0674
CPE: a:surfcontrol:superscout_webfilter_reports_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

SurfControl SuperScout WebFilter Reports Server Directory Traversal Vulnerability

SurfControl SuperScout WebFilter Reports Server is prone to a directory traversal vulnerability which allows an attacker to break out of the root directory for the reporting service and browse the filesystem at large, disclosing arbitrary files that are readable by the Reports Server.

Mitigation:

Upgrade to the latest version of SurfControl SuperScout WebFilter Reports Server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5857/info

SurfControl SuperScout WebFilter Reports Server is prone to a vulnerability which may allow remote attackers to disclose the contents of arbitrary files.

The Reports Server does not sufficiently filter triple-dot-slash (.../) sequences from web requests. As a result, an attacker may break out of the root directory for the reporting service and browse the filesystem at large, disclosing arbitrary files that are readable by the Reports Server.

http://reports-server:8888/.../.../.../.../.../.../.../winnt/win.ini

Navigation

Suggest Exploit

Services By CQR