eGroupWare JiNN Input Validation Error May Let Remote Users Traverse the Directory
|
|
SecurityTracker Alert ID: 1012118 |
|
SecurityTracker URL: http://securitytracker.com/id/1012118
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 8 2004
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 1.0.00.006
|
Description:
A vulnerability was reported in eGroupWare in JiNN. A remote user may be able to download arbitrary files.
The vendor reported that a remote user may be able to supply a specially crafted URL containing directory traversal characters to download files from the target system. Users of the JiNN component are affected.
|
Impact:
A remote user can view arbitrary files on the target system with the privileges of the target web service.
|
Solution:
The vendor has released a fixed version (1.0.00.006), available at:
http://sourceforge.net/project/showfiles.php?group_id=78745
|
Vendor URL: www.egroupware.org/ (Links to External Site)
|
Cause:
Access control error, Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 8 Nov 2004 01:13:33 -0500
Subject: http://sourceforge.net/project/shownotes.php?group_id=78745&release_id=280695
|
> Security problem fixed in JiNN
A vulnerability was reported in eGroupWare in JiNN.
The vendor has released a fixed version (1.0.00.006), available at:
http://sourceforge.net/project/showfiles.php?group_id=78745
|
|
