Path Traversal Vulnerabilities

May 18, 2020 Krishna Accipiter DirectServer, Alibaba, Attacking the Web Server, Cisco ACS Acme.server, ETHICAL HACKING, hack, IT- Security, McAfee EPolicy Orcestrator, Path Traversal Vulnerabilities, Traversal Vulnerabilities, VULNERABILITIES, web-app, web-site

Accipiter DirectServer

This path traversal flaw could be exploited by placing URL-encoded dot-dot-slash sequences into a request. For more information about this flaw, see www.securityfocus.com/bid/9389 .

Alibaba

This path traversal flaw could be exploited by placing simple dot-dot-slash sequences into a request. For more information about this flaw, see www.securityfocus.com/bid/270 .

Cisco ACS Acme.server

This path traversal flaw could be exploited by adding slashes after the host-name in a URL. This caused the web server to retrieve files from the root of the server file system. For more information about this flaw, see www.ciac.org/ciac/bulletins/m-097.shtml .

McAfee EPolicy Orcestrator

This product used a POST request to upload user-supplied data and write this to a user-supplied location. An arbitrary file anywhere on the file system could simply be specified in the request. For more information about this flaw, see www.securityfocus.com/bid/18979 .

Accipiter DirectServer

Alibaba

Cisco ACS Acme.server

McAfee EPolicy Orcestrator

Posts to Review: