ipMonitor Encoded Traversal Arbitrary File Access

medium Nessus Plugin ID 29697

Synopsis

The remote web server is affected by a directory traversal vulnerability.

Description

A directory traversal flaw was discovered by SensePost to affect ipMonitor versions 8.0 and 8.5. Upon sending a specially formed request to the web server, containing a series of '%2f..' sequences, an unauthenticated attacker is able to traverse the web root and obtain files within the remote file system.

Solution

Upgrade to ipMonitor 8.5, Build 1163 or later.

See Also

https://support.ipmonitor.com/releasehistory.aspx

Plugin Details

Severity: Medium

ID: 29697

File Name: ipmonitor_traversal.nasl

Version: 1.11

Type: remote

Family: Web Servers

Published: 12/13/2007

Updated: 6/12/2020

Supported Sensors: Nessus