FSP Directory Traversal Flaw

2003-11-25T05:52:31
ID OSVDB:3346
Type osvdb
Reporter OSVDB
Modified 2003-11-25T05:52:31

Description

Vulnerability Description

FSP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker uses a specially crafted URL, which allow access outside the server root, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 2.8.1b18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

FSP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker uses a specially crafted URL, which allow access outside the server root, resulting in a loss of confidentiality.

References:

Secunia Advisory ID:10561 Nessus Plugin ID:11988 ISS X-Force ID: 14154 Generic Informational URL: http://cvs.sourceforge.net/viewcvs.py/fsp/fsp/ChangeLog?view=auto CVE-2003-1022 CIAC Advisory: o-048 Bugtraq ID: 9377