Synopsis
Arbitrary files may be read on the remote host.
Description
The Brio web application interface has a directory traversal vulnerability in the 'odscgi' component. An attacker may exploit this flaw to read arbitrary files on the remote host by submitting a URL such as:
http://www.example.com/ods-cgi/odscgi?HTMLFile=../../../../../../etc/passwd
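A log check for the request pattern above, added here as an example and not part of the original plugin page: it scans web server access logs for 'odscgi' requests whose HTMLFile parameter contains parent-directory segments or an absolute path. The combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /ods-cgi/odscgi?HTMLFile=welcome.html HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /ods-cgi/odscgi?HTMLFile=../../../../../../etc/passwd HTTP/1.1" 200 1843
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /ods-cgi/odscgi?HTMLFile=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843
192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?HTMLFile=../x HTTP/1.1" 200 100
"""

# Source address, request target and status code of one combined-format line.
REQ = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so nested encodings normalise to one form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal(log_text):
    """Return one record per odscgi request whose HTMLFile leaves its directory."""
    hits = []
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/odscgi"):
            continue  # only the component named in the advisory
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() != "htmlfile":
                continue
            value = fully_decode(raw).replace("\\", "/")
            if ".." in value.split("/") or value.startswith("/"):
                hits.append({"src": m["src"], "status": int(m["status"]), "value": value})
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves priority in triage, since the server may have returned the requested file.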
Solution
Check www.brio.com for updated software.
Plugin Details
File Name: brio_dir_traversal.nasl
Configuration: Enable thorough checks
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: Settings/ThoroughTests
Exploited by Nessus: true