Summary
Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard).
Impact
Successful exploitation will allow remote attackers to download arbitrary files.
Impact Level: Application
Solution
Update to 1.03.30109 or higher
Insight
A .. (dot dot) sequence in the GetFile parameter to owa/owa makes it possible to read arbitrary files.
Affected
SafeNet Authentication Service before 1.03.30109
Detection
Send a crafted HTTP GET request and check whether it is able to read arbitrary files or not.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-5359
- CVSS Base Score: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N