Velocity web-server 1.0 Directory Traversal File Download Vulnerability

ID SSV:9199
Type seebug
Reporter Root
Modified 2008-07-29T00:00:00


No description provided by source.

                                                Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-028

Application:                    Velocity web-server (a part of Velocity Security Management System)
Versions Affected:              Old version 1.0
Vendor URL:           
Bugs:                           Directory traversal File Download
Exploits:                       YES
Reported:                       03.03.2008
Second report:                  14.03.2008
Vendor response:                14.03.2008
Date of Public Advisory:
Authors:                        Digital Security Research Group [DSecRG]


Velocity web-server has critical  directory traversal  vulnerability


Directory traversal vulnerability find in Velocity web-server
Attacker can exploit this by sending a url with url directory traversal



Fix Information

Version 1.o is very old. If you have thes version please it Update it to last version on


Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.

Contact:        research [at] dsec [dot] ru
       (in Russian)