Detections
Analytics
IPCheck Server Monitor Traversal Arbitrary File Access
medium Nessus Plugin ID 22205
Language:
Synopsis
The remote web server is prone to a directory traversal attack.Description
The remote host is running IPCheck Server Monitor, a network resource monitoring tool for Windows.The installed version of IPCheck Server Monitor fails to filter directory traversal sequences from requests that pass through web server interface. An attacker can exploit this issue to read arbitrary files on the remote host subject to the privileges under which the affected application runs.
Solution
Upgrade to IPCheck Server Monitor version 5.3.3.639/640 or later.See Also
https://www.securityfocus.com/archive/1/442822/30/0/threaded
https://www.paessler.com/ipcheck/history
https://www.securityfocus.com/archive/1/444227/30/0/threaded
Plugin Details
Severity: Medium
ID: 22205
File Name: ipcheck_dir_traversal.nasl
Version: 1.16
Type: remote
Family: CGI abuses
Published: 8/14/2006
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Vulnerability Publication Date: 8/10/2006
Reference Information
CVE: CVE-2006-4140
BID: 19473