This host is installed with Frams&qt Fast File EXchange and is prone to multiple vulnerabilities.

Successful exploitation will allow attacker to conduct HTTP response splitting, conduct request forgery attacks and execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Upgrade to Frams&qt Fast File EXchange version 20140526 or later. For updates refer to http://fex.rus.uni-stuttgart.de

Multiple flaws are due to, - An input passed via the 'akey' parameter to /rup is not properly sanitised before being returned to the user. - An input passed via the 'addto' parameter to /fup is not properly sanitised before being returned to the user. - An input passed via the 'disclaimer' and 'gm' parameters to /fuc is not properly sanitised before being returned to the user. - Application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests.

Frams&qt Fast File EXchange before version 20140526

Send a crafted data via HTTP GET request and check whether it is possible to read a given string.

• http://fex.rus.uni-stuttgart.de/fex.html
• http://packetstormsecurity.com/files/126906
• http://seclists.org/oss-sec/2014/q2/405
• http://secunia.com/advisories/58486
• http://www.osvdb.com/107660
• http://www.osvdb.com/107661
• https://www.lsexperts.de/advisories/lse-2014-05-22.txt

---

Updated on 2017-03-28