----------------------------------------------------------------------

TITLE:
Computalynx CProxy Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA14461

VERIFY ADVISORY:
http://secunia.com/advisories/14461/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information, DoS

WHERE:
From local network

SOFTWARE:
Computalynx CProxy 3.x
http://secunia.com/product/4736/

DESCRIPTION:
Kristof Philipsen has reported a vulnerability in Computalynx CProxy,
which can be exploited by malicious people to disclose sensitive
information and cause a DoS (Denial of Service).

The vulnerability is caused by an input validation error, which makes
it possible to disclose arbitrary files outside the cache directory
via directory traversal attacks.

Example:
GET http://../../[file] HTTP/1.0

This can also be exploited to crash the application by requesting an
executable file outside the cache directory.

The vulnerability has been reported in versions 3.3.x and 3.4.x
(3.4.4). Other versions may also be affected.

SOLUTION:
Use another product.

PROVIDED AND/OR DISCOVERED BY:
Kristof Philipsen

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
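The advisory attributes the flaw to missing input validation on the requested URL. The following Python example is added here for illustration and is not Secunia's or the vendor's code: it shows the containment check a caching proxy needs before turning a request URL into a cache file path, and uses the same check to flag suspicious request lines. The cache layout (host and path stored under CACHE_ROOT) and the names cache_path, audit and CACHE_ROOT are assumptions; the advisory does not describe CProxy's internals.

```python
import os
import re
from urllib.parse import urlsplit, unquote

CACHE_ROOT = "/var/cache/proxy"  # hypothetical cache directory (assumption)
REQUEST_LINE = re.compile(r"^(GET|HEAD|POST) (\S+) HTTP/1\.[01]$")


def cache_path(url, root=CACHE_ROOT):
    """Map an absolute-form proxy URL to a path under root, or return None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    # Decode once, treat backslashes as separators, then split host and path
    # together so an encoded "/" or ".." in either part is seen as a segment.
    raw = unquote(parts.netloc + parts.path).replace("\\", "/")
    segments = [s for s in raw.split("/") if s]
    if not parts.netloc or "\x00" in raw or any(s in (".", "..") for s in segments):
        return None
    # Defence in depth: the resolved path must still sit under the cache root.
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, *segments))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def audit(request_lines, root=CACHE_ROOT):
    """Return request lines that are malformed or would leave the cache."""
    flagged = []
    for line in request_lines:
        m = REQUEST_LINE.match(line.strip())
        if m is None or cache_path(m.group(2), root) is None:
            flagged.append(line)
    return flagged


SAMPLE = [  # constructed request lines; only the second form is from the advisory
    "GET http://example.com/index.html HTTP/1.0",
    "GET http://../../[file] HTTP/1.0",
    "GET http://example.com/%2e%2e/%2e%2e/[file] HTTP/1.0",
    "GET http://example.com/a/..%5c..%5c[file] HTTP/1.0",
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print("rejected:", line)
```

Running audit over proxy access logs gives a quick way to spot requests of the form shown in the advisory, including percent-encoded variants.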