CVE-2000-1048

Description

Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL.

Affected products

• qbik / wingate2.1 – 2.1
• qbik / wingate3.0 – 3.0
• qbik / wingate4.0.1 – 4.0.1
• qbik / wingate4.1_beta_a – 4.1_beta_a

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/5373
• MISChttp://archives.neohapsis.com/archives/bugtraq/2000-10/0245.html