Directory traversal

2017-10-1013:29:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.971 High

EPSS

Percentile

99.8%

JSON

Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a … (dot dot) in the statecode cookie.

CPENameOperatorVersion
file_transfer_applianceeq<= fta911200

CPE	Name	Operator	Version
	file_transfer_appliance	eq	<= fta911200

References

www.rapid7.com/db/modules/auxiliary/scanner/http/accellion_fta_statecode_file_read