CVE-2006-4140 - Directory Traversal vulnerability in IPCheck Server Monitor
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/" slash), (2) "..../" (multiple dot), and (3) "..%255c../" (double-encoded "\" backslash).
Vulnerable Configurations
Exploit-Db
description | IPCheck Server Monitor 5.x Directory Traversal Vulnerability. CVE-2006-4140. Remote exploit for Windows platform |
id | EDB-ID:28374 |
last seen | 2016-02-03 |
modified | 2006-08-10 |
published | 2006-08-10 |
reporter | Tassi Raeburn |
source | https://www.exploit-db.com/download/28374/ |
title | IPCheck Server Monitor 5.x - Directory Traversal Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | IPCHECK_DIR_TRAVERSAL.NASL |
description | The remote host is running IPCheck Server Monitor, a network resource monitoring tool for Windows. The installed version of IPCheck Server Monitor fails to filter directory traversal sequences from requests that pass through the web server interface. An attacker can exploit this issue to read arbitrary files on the remote host, subject to the privileges under which the affected application runs. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22205 |
published | 2006-08-14 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22205 |
title | IPCheck Server Monitor Traversal Arbitrary File Access |
References
- http://secunia.com/advisories/21468
- http://securityreason.com/securityalert/1389
- http://securitytracker.com/id?1016676
- http://www.paessler.com/forum/viewtopic.php?p=4047&sid=f8c0f03a69d9498338797c6ea3cc6733
- http://www.paessler.com/ipcheck/history
- http://www.securityfocus.com/archive/1/442822/100/0/threaded
- http://www.securityfocus.com/archive/1/444227/100/0/threaded
- http://www.securityfocus.com/bid/19473
- http://www.vupen.com/english/advisories/2006/3259
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28341