Title: Gefest Web Home Server Unspecified Traversal Arbitrary File Access
Feb 08, 2010
Feb 05, 2010
Gefest Web Home Server contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., \../\../) supplied via the URL address. This directory traversal attack would allow the attacker to access arbitrary files on the web server.
Remote / Network Access
Loss of Confidentiality
Upgrade to version 1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.