9 lines
No EOL
638 B
Text
9 lines
No EOL
638 B
Text
source: https://www.securityfocus.com/bid/27358/info
|
|
|
|
BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
|
|
|
|
Exploiting this issue allows an attacker to access potentially sensitive information that could aid in further attacks.
|
|
|
|
BitDefender Security for File Servers, BitDefender Enterprise Manger, and other BitDefender products that include the Update Server are vulnerable. This issue affects Update Server when running on Windows; Linux and UNIX variants may also be affected.
|
|
|
|
echo -e "GET /../../boot.ini HTTP/1.0\r\n\r\n" | nc <server> <port> |