Vulnerability Description
Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aep Networks | Smartgate Ssl Server | 4.3b |
References
- http://secunia.com/advisories/22550Vendor Advisory
- http://www.securityfocus.com/bid/20722Exploit
- http://www.vupen.com/english/advisories/2006/4224
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29817
- https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.cExploit
- https://www.exploit-db.com/exploits/2637
- http://secunia.com/advisories/22550Vendor Advisory
- http://www.securityfocus.com/bid/20722Exploit
- http://www.vupen.com/english/advisories/2006/4224
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29817
- https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.cExploit
- https://www.exploit-db.com/exploits/2637
FAQ
What is CVE-2006-5596?
CVE-2006-5596 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request.
How severe is CVE-2006-5596?
CVE-2006-5596 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5596?
Check the references section above for vendor advisories and patch information. Affected products include: Aep Networks Smartgate Ssl Server.