header-logo
Suggest Exploit
vendor:
Protection Server and Keys Server
by:
Unknown
5.5
CVSS
MEDIUM
Directory Traversal
22
CWE
Product Name: Protection Server and Keys Server
Affected Version From: 7.0.0
Affected Version To: 7.4.2000
Patch Exists: NO
Related CWE: Unknown
CPE: a:sentinel:protection_server:7.0.0cpe:/a:sentinel:protection_server:7.1.0cpe:/a:sentinel:protection_server:7.2.0cpe:/a:sentinel:protection_server:7.3.0cpe:/a:sentinel:protection_server:7.4.0cpe:/a:sentinel:keys_server:1.0.3
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Directory Traversal Vulnerability in Sentinel Protection Server and Keys Server

The Sentinel Protection Server and Keys Server are vulnerable to a directory-traversal vulnerability. This vulnerability occurs due to insufficient sanitization of user-supplied input data. An attacker can exploit this vulnerability to access sensitive information, which can be used for further attacks.

Mitigation:

It is recommended to update to the latest version of Protection Server and Keys Server to mitigate this vulnerability. Additionally, input validation should be implemented to sanitize user-supplied input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26583/info

Sentinel Protection Server and Keys Server are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

This issue affects Protection Server 7.0.0 through 7.4.0, and Keys Server 1.0.3; earlier versions may also be vulnerable. 

http://www.example.com:6002/../../../../../../boot.ini
http://www.example.com:7002/../../../../../../winnt/repair/sam

Navigation

Suggest Exploit

Services By CQR