TUCoPS :: HP Unsorted I :: va1882.htm

iPhone Configuration Web Utility 1.0 for Windows Directory Traversal
DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal
DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal


Title=0D
-----=0D
DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal=0D
=0D
Severity=0D
--------=0D
High=0D
=0D
Date Discovered=0D
---------------=0D
October 2, 2008=0D
=0D
Discovered By=0D
-------------=0D
Digital Defense, Inc. Vulnerability Research Team=0D
Credit: Corey LeBleu and r@b13$=0D
=0D
Vulnerability Description=0D
-------------------------=0D
The iPhone Configuration Web Utility allows centralized management of iPhone configuration settings. The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 1.0 web root.=0D
=0D
Solution Description=0D
--------------------=0D
Filter network traffic so that only trusted users can access the web interface.=0D
=0D
Tested Systems / Software (with versions)=0D
------------------------------------------=0D
Windows XP Professional=0D
iPhone Configuration Web Utility 1.0 for Windows=0D
=0D
Vendor Contact=0D
--------------=0D
Vendor Name: Apple Inc.=0D
Vendor Website: www.apple.com

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH