Summary
Multiple Barracuda Networks products are prone to a directory- traversal vulnerability because it fails to sufficiently sanitize user- supplied input.
A remote attacker can exploit this vulnerability using directory- traversal characters ('../') to access files that contain sensitive information that can aid in further attacks.
Affected:
Barracuda IM Firewall 3.4.01.004 and earlier
Barracuda Link Balancer 2.1.1.010 and earlier
Barracuda Load Balancer 3.3.1.005 and earlier
Barracuda Message Archiver 2.2.1.005 and earlier
Barracuda Spam & Virus Firewall 4.1.2.006 and earlier Barracuda SSL VPN 1.7.2.004 and earlier
Barracuda Web Application Firewall 7.4.0.022 and earlier Barracuda Web Filter 4.3.0.013 and earlier
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Adobe ColdFusion HTTP Response Splitting Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities