Vulnerability Description
Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ioserver | Ioserver | 1.0.18.0 |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-12-258-01
- http://secunia.com/advisories/50297 (Vendor Advisory)
- http://www.foofus.net/?page_id=616
FAQ
What is CVE-2012-4680?
CVE-2012-4680 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary fi...
How severe is CVE-2012-4680?
CVE-2012-4680 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4680?
Check the references section above for vendor advisories and patch information. Affected products include: Ioserver Ioserver.