Summary
The Brio web application interface has a directory traversal vulnerability in the 'odscgi' component. An attacker may exploit this flaw to read arbitrary files on the remote host by submitting a URL such as:
http://www.example.com/ods-cgi/odscgi?HTMLFile=../../../../../../etc/passwd
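A log check for the request pattern described above, added here as an example and not part of the original advisory or any Brio tooling. It assumes Common Log Format access logs; the sample lines, the file name report.html and the case-insensitive parameter match are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from a real host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /ods-cgi/odscgi?HTMLFile=report.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /ods-cgi/odscgi?HTMLFile=../../../../../../etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.44 - - [01/Jan/2024:10:00:06 +0000] "GET /ods-cgi/odscgi?htmlfile=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html?HTMLFile=../x HTTP/1.1" 404 0',
    '192.0.2.44 - - [01/Jan/2024:10:00:11 +0000] "GET /ods-cgi/odscgi?HTMLFile=..%5c..%5cboot.ini HTTP/1.1" 200 211',
]

def normalise(value, rounds=3):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat backslash as a path separator

def is_traversal(value):
    """True if any path segment of the value is a parent-directory reference."""
    return ".." in normalise(value).split("/")

def suspicious_requests(log_lines):
    """Return (line number, HTMLFile value) for odscgi requests that traverse."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not normalise(target.path).lower().endswith("/odscgi"):
            continue
        # parse_qsl already percent-decodes each value once
        for key, val in parse_qsl(target.query, keep_blank_values=True):
            if key.lower() == "htmlfile" and is_traversal(val):
                hits.append((n, val))
    return hits

if __name__ == "__main__":
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: HTMLFile={value!r}")
```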
Solution
Check www.brio.com for updated software.
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N