11153 : EPiServer linkurl.asp Traversal Arbitrary File Access
Printer | http://osvdb.org/11153 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

10 months ago

Percent Complete

100%

Disclosure

Dec 15, 2003

Discovery

Unknown

Dates

Exploit

Dec 15, 2003

Solution

Unknown

Description

EPiServer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker passes a value to the "root" parameter of the linkurl.asp modue which contains a directory-traversing path (i.e. ../), which will disclose any file referenced on the filesystem; this will result in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):

Add either of these lines to the web.config file:

<customErrors mode="On"/>

<customErrors mode="RemoteOnly"/>

Products

Elektropost	EPIServer	3.2
		3.3
		4.0
		4.1
		4.2

References

Security Tracker: 1011913
Related OSVDB ID: 11154 11155
ISS X-Force ID: 17858
Bugtraq ID: 9223
Vendor URL: http://www.episerver.com/

Manual Testing Notes

Credit

- babbelbubbelhotmail.com -

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Elektropost

EPIServer

References

Manual Testing Notes

Credit

Blogs

Comments