Summary
TrustPort WebFilter is prone to an arbitrary file-access vulnerability.
Impact
An attacker can exploit this issue to read arbitrary files in the context of the web server process, which may aid in further attacks.
Impact Level: Application
Solution
Updates are available.
Insight
A vulnerability exists within the help.php script, allowing a remote attacker to access files outside of the webroot with SYSTEM privileges, without authentication.
Affected
TrustPort WebFilter 5.5.0.2232 is vulnerable; other versions may also be affected.
Detection
Send a special GET request with a base64-encoded directory traversal string and file name.
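
A defender-side counterpart to the check above, as an added example that is not part of the original advisory or the scanner's own code: it scans access-log lines for help.php requests whose parameter values base64-decode to a traversal path. The log format, the parameter name `p` and the sample lines are constructed assumptions.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Traversal marker searched for in each decoded parameter value.
TRAVERSAL = re.compile(r"\.\.[\\/]")
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def b64_decode(value):
    """Return the decoded text, or None if value is not valid base64."""
    value = value.replace(" ", "+")   # parse_qsl turns '+' into a space
    value += "=" * (-len(value) % 4)  # tolerate stripped padding
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("latin-1")

def suspicious_params(url):
    """Return (name, decoded) for help.php parameters hiding a traversal path."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/help.php"):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = b64_decode(value)
        if decoded and TRAVERSAL.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return (line_number, name, decoded) for every flagged log line."""
    found = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            found += [(number, n, d) for n, d in suspicious_params(match.group(1))]
    return found

def _enc(text):
    return base64.b64encode(text.encode()).decode()

# Constructed log lines; "p" is a placeholder parameter name, not the real one.
SAMPLE = [
    f'192.0.2.10 - - [25/Mar/2015:10:00:00 +0000] "GET /help.php?p={_enc("index.htm")} HTTP/1.1" 200 512',
    f'192.0.2.66 - - [25/Mar/2015:10:00:05 +0000] "GET /help.php?p={_enc("../../../example.txt")} HTTP/1.1" 200 90',
    f'192.0.2.66 - - [25/Mar/2015:10:00:09 +0000] "GET /index.php?p={_enc("../../../example.txt")} HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Decoding before matching is the point: the raw log line contains no `../` sequence, so a plain-text traversal signature would miss the second request.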
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2013-5301
- CVSS Base Score: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N