0 Results Found
            Back To Results
              Advisory

              Barracuda Networks Products Multiple Directory Traversal Vulnerabilities

              Advisory ID: SWRX-2010-002


              • Advisory Information
              • Title: Barracuda Networks Products Multiple Directory Traversal Vulnerabilities 
              • Advisory ID: SWRX-2010-002
              • Date published: Wednesday, September 29, 2010
              • CVSS v2 Base Score: 10 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
              • Date of last update: Wednesday, September 29, 2010
              • Vendors contacted: Barracuda Networks
              • Release mode: Coordinated
              • Discovered by: Randy Janinda and corroborated by Sanjeev Sinha, SecureWorks

              Summary

              Multiple vulnerabilities exist in Barracuda Networks products due to improper validation of user-controlled input. User-controllable input supplied to the embedded web server is not properly sanitized for illegal path delimiting characters prior to being used to access files. A specially crafted HTTP request containing directory traversal sequences could allow remote attackers to conduct traversal attacks. The impact of successful exploitation depends upon the contents of the files that were retrieved.

              Download the PDF

              PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

              SecureWorks CTU Public Key

              Related Content