Fujitsu Web-Based Admin View 2.1.2 - Directory Traversal

source: https://www.securityfocus.com/bid/30780/info

Fujitsu Web-Based Admin View is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Web-Based Admin View 2.1.2 is vulnerable; other versions may also be affected.


The following example is available:

GET /.././.././.././.././.././.././.././.././.././etc/passwd HTTP/1.0
Host: www.example.com:8081