7 lines
No EOL
569 B
Text
7 lines
No EOL
569 B
Text
source: https://www.securityfocus.com/bid/5857/info
|
|
|
|
SurfControl SuperScout WebFilter Reports Server is prone to a vulnerability which may allow remote attackers to disclose the contents of arbitrary files.
|
|
|
|
The Reports Server does not sufficiently filter triple-dot-slash (.../) sequences from web requests. As a result, an attacker may break out of the root directory for the reporting service and browse the filesystem at large, disclosing arbitrary files that are readable by the Reports Server.
|
|
|
|
http://reports-server:8888/.../.../.../.../.../.../.../winnt/win.ini |