PacketVideo TwonkyServer Directory Traversal

medium Nessus Plugin ID 59242

Synopsis

The remote web server is affected by a directory traversal vulnerability.

Description

The PacketVideo TwonkyServer listening on the remote host is affected by a directory traversal vulnerability that can allow for a remote attacker to view the contents of files located outside of the server's root directory by sending a URI that contains directory traversal characters. The issue is exploitable regardless of having configured the application's Secured Server Settings.

Solution

Upgrade to TwonkyServer 7.0.7 / TwonkyManager 3.0.1 or later.

See Also

https://accounts.google.com/ServiceLogin?service=blogger&hl=en-US&passive=true&continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttp://ddilabs.blogspot.com/2012/04/packetvideo-twonkyserver-and.html%26zx%3D4y4p732jqdgr

https://forum.twonky.com/viewtopic.php?f=2&t=10692

Plugin Details

Severity: Medium

ID: 59242

File Name: packetvideo_twonky_dir_traversal.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 5/23/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: x-cpe:/a:packetvideo:twonky

Required KB Items: www/twonky

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 4/13/2012

Vulnerability Publication Date: 4/26/2012

Reference Information

BID: 53265