Software602 602Pro LAN SUITE < 2004.0.05.0509 Directory Traversal Arbitrary File Access

medium Nessus Network Monitor Plugin ID 2883

Synopsis

The remote host is vulnerable to a directory traversal flaw.

Description

The remote host is running 602Pro LAN SUITE, an application that provides web, FTP, telnet, DNS, RealAudio, SSL services and proxying. This version of 602Pro LAN SUITE is vulnerable to a remote directory traversal attack through the 'A' parameter of the 'mail' script. An attacker exploiting this flaw would simply supply a typical '../../' directory traversal sequence in the 'A' parameter. Successful exploitation would give the attacker access to any file on the remote system, resulting in a loss of confidentiality.

Solution

Upgrade to version 2004.0.05.0509 or higher.

Plugin Details

Severity: Medium

ID: 2883

Family: Web Servers

Published: 5/6/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:software602:602lan_suite

Reference Information

CVE: CVE-2005-1423

BID: 13519