Summary
The host is running Sockso and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow an attacker to obtain sensitive information that could aid in further attacks.
Impact Level: Application
Solution
Upgrade to Sockso version 1.5.1 or later.
For updates refer to http://sockso.pu-gh.com/
Insight
The flaw is due to improper validation of URIs containing '../' or '..\' sequences, which allows attackers to read arbitrary files via directory traversal attacks.
Affected
Sockso version 1.5 and prior
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N