Description
Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request.
Affected products
- aep_networks / smartgate_ssl_server4.3b – 4.3b
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/22550
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/4224
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/29817
- EXPLOIThttps://www.exploit-db.com/exploits/2637
- MISChttp://www.securityfocus.com/bid/20722
- MISChttps://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c