Web application abuses : TrustPort WebFilter <= 5.5.0.2232 Arbitrary File Access Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.103751

Category: Web application abuses

Title: TrustPort WebFilter <= 5.5.0.2232 Arbitrary File Access Vulnerability - Active Check

Summary: TrustPort WebFilter is prone to an arbitrary file access; vulnerability.

Description: Summary:
TrustPort WebFilter is prone to an arbitrary file access
vulnerability.

Vulnerability Insight:
A vulnerability exists within the help.php script, allowing a
remote attacker to access files outside of the webroot with SYSTEM privileges, without
authentication.

Vulnerability Impact:
An attacker can exploit this issue to read arbitrary files in
the context of the web server process, which may aid in further attacks.

Affected Software/OS:
TrustPort WebFilter version 5.5.0.2232 and probably prior.

Solution:
Updates are available.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-5301
BugTraq ID: 61662
http://www.securityfocus.com/bid/61662
Bugtraq: 20130807 Trustport Webfilter Remote File Access Vulnerability (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2013-08/0043.html
http://packetstormsecurity.com/files/122735/Trustport-Webfilter-Traversal-File-Disclosure.html
XForce ISS Database: trustportwebfilter-help-directory-traversal(86289)
https://exchange.xforce.ibmcloud.com/vulnerabilities/86289

Copyright Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.103751
Category:	Web application abuses
Title:	TrustPort WebFilter <= 5.5.0.2232 Arbitrary File Access Vulnerability - Active Check
Summary:	TrustPort WebFilter is prone to an arbitrary file access; vulnerability.
Description:	Summary: TrustPort WebFilter is prone to an arbitrary file access vulnerability. Vulnerability Insight: A vulnerability exists within the help.php script, allowing a remote attacker to access files outside of the webroot with SYSTEM privileges, without authentication. Vulnerability Impact: An attacker can exploit this issue to read arbitrary files in the context of the web server process, which may aid in further attacks. Affected Software/OS: TrustPort WebFilter version 5.5.0.2232 and probably prior. Solution: Updates are available. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5301 BugTraq ID: 61662 http://www.securityfocus.com/bid/61662 Bugtraq: 20130807 Trustport Webfilter Remote File Access Vulnerability (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-08/0043.html http://packetstormsecurity.com/files/122735/Trustport-Webfilter-Traversal-File-Disclosure.html XForce ISS Database: trustportwebfilter-help-directory-traversal(86289) https://exchange.xforce.ibmcloud.com/vulnerabilities/86289
Copyright	Copyright (C) 2013 Greenbone AG