Vulnerabilities > CVE-2006-5596 - Directory Traversal Information Disclosure vulnerability in AEP Networks Smartgate SSL Server 4.3B

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

aep-networks

exploit available

NVD

Published: 2006-10-28

Updated: 2017-10-19

Summary

Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request. Update to version 4.3C or later.

Vulnerable Configurations

Part	Description	Count
Application	Aep_Networks AEP Networks Smartgate SSL Server 4.3B	1

Exploit-Db

description	AEP SmartGate 4.3b (GET) Arbitrary File Download Exploit. CVE-2006-5596,CVE-2006-5725. Remote exploit for windows platform
file	exploits/windows/remote/2637.c
id	EDB-ID:2637
last seen	2016-01-31
modified	2006-10-24
platform	windows
port	143
published	2006-10-24
reporter	prdelka
source	https://www.exploit-db.com/download/2637/
title	AEP SmartGate 4.3b GET Arbitrary File Download Exploit
type	remote

Summary

Vulnerable Configurations

Exploit-Db

References