Description
Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter.
Affected products
References
- MISChttp://anacondapartners.com/cgi-local/apexec.pl?template=ap_releasenotestemplate.html&f1=ap_af_updates_menu&f2=ap_af_releasenotes_clip
- MISChttp://www.securityfocus.com/bid/2512
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/6286
- MISChttp://archives.neohapsis.com/archives/bugtraq/2001-03/0395.html