CVE-2004-0578

Description

WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory.

Affected products

• qbik / wingate5.0.5 – 5.0.5
• qbik / wingate5.2.3 – 5.2.3
• qbik / wingate6.0_beta_2 – 6.0_beta_2

References

• MAILING_LISThttp://marc.info/?l=full-disclosure&m=108872788123695&w=2
• MISChttp://www.idefense.com/application/poi/display?id=113
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/16589