CVE-2014-0780

2014-04-25 07:12:07 2017-09-16 03:29:00

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

InduSoft Web Studio 7.1 InduSoft Web Studio 7.1 Service Pack 1 InduSoft Web Studio 7.1 Service Pack 2

Indusoft - Web studio

Advisory	Patch	Confirmed	Link
			67056
			http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02
			42699

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)