Summary
Multiple EverFocus devices allowing unauthenticated remote users to retrieve arbitrary system files that are located outside of the web root through a directory traversal on port 80.
Solution
Firmware update is available from EverFocus technical support.
References
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
- AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
- Advanced Guestbook Index.PHP SQL Injection Vulnerability
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities