BitDefender Products HTTP Daemon Directory Traversal Vulnerability

Summary

BitDefender is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Impact

Exploiting this issue allows an attacker to access potentially sensitive information that could aid in further attacks.

Solution

Update to BitDefender GravityZone >= 5.1.11.432

Insight

Arbitrary files can be downloaded using a HTTP GET request:

Affected

BitDefender GravityZone <= 5.1.5.386

Detection

Send a special crafted HTTP GET request and check the response

References

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-3_Bitdefender_GravityZone_Multiple_critical_vulnerabilities_v10.txt

Updated on 2015-03-25

Severity

Medium Severity

Classification

CVE CVE-2014-5350

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities