
iPhone Configuration Web Utility 1.0 for Windows Directory Traversal



DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal



Title
-----
DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal

Severity
--------
High

Date Discovered
---------------
October 2, 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r@b13$

Vulnerability Description
-------------------------
The iPhone Configuration Web Utility allows centralized management of iPhone configuration settings. The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 1.0 web root.
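
As an added illustration (not part of the advisory and not the vendor's code), the following shows the web-root containment check whose absence produces this class of flaw, written against Windows path rules. The web root C:\webutil\htdocs, the function names and the request paths are hypothetical, constructed for the example.

```python
import ntpath  # Windows path rules, usable on any host OS
from urllib.parse import unquote

# Hypothetical web root; the advisory does not give the utility's real path.
WEB_ROOT = r"C:\webutil\htdocs"


def resolve_under_root(url_path, root=WEB_ROOT):
    """Return the file path a request maps to, or None if it leaves root."""
    # Decode exactly once, so %2e%2e%5c is seen as ..\ before any check runs.
    rel = unquote(url_path).lstrip("/\\")
    # NUL truncates paths in some APIs; ':' introduces a drive letter or an
    # NTFS alternate data stream. Neither belongs in a served file name.
    if "\x00" in rel or ":" in rel:
        return None
    # normpath treats '/' and '\' alike and collapses every '..' segment.
    candidate = ntpath.normpath(ntpath.join(root, rel))
    base = ntpath.normcase(ntpath.normpath(root))
    probe = ntpath.normcase(candidate)
    # The trailing separator keeps a sibling such as htdocs2 from matching.
    if probe == base or probe.startswith(base + "\\"):
        return candidate
    return None


def audit(paths, root=WEB_ROOT):
    """Map each request path to its resolved file, or None when refused."""
    return {p: resolve_under_root(p, root) for p in paths}


# Constructed request paths, not taken from the advisory.
SAMPLES = [
    "/index.html",
    "/css/../index.html",
    "/../../outside.txt",
    "/..%5c..%5coutside.txt",
    "/%2e%2e/htdocs2/outside.txt",
    "/C:/outside.txt",
]

if __name__ == "__main__":
    for path, resolved in audit(SAMPLES).items():
        print(f"{path!r:32} -> {resolved or 'REFUSED'}")
```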

Solution Description
--------------------
Filter network traffic so that only trusted users can access the web interface.

Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows

Vendor Contact
--------------
Vendor Name: Apple Inc.
Vendor Website: www.apple.com
