Summary
It is possible to read arbitrary files on the remote Snapstream PVS server by prepending ../../ in front on the file name.
It may also be possible to read ../ssd.ini which contains many informations on the system (base directory, usernames & passwords).
Solution
Upgrade your software or change it!
Severity
Classification
-
CVE CVE-2001-1108 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities