
DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal


Date Discovered
July 15, 2011

Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: sxkeebler and r@b13$

Vulnerability Description
The Axway SecureTransport device contains a directory traversal
vulnerability in the '/icons/' directory. An unauthenticated remote
attacker can use this vulnerability to obtain arbitrary files from the
root file system of the vulnerable host.
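
The following is an added example for reviewing web access logs on an affected host; it is not part of the DDI advisory or of Axway's patch. It flags requests under '/icons/' that contain a parent-directory segment after percent-decoding and separator normalization. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed layout (Common Log Format):
#   host - - [time] "METHOD path PROTO" status bytes
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize(path, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # The affected platform is Windows, where backslash is also a separator.
    return path.replace("\\", "/")

def is_icons_traversal(path):
    """True when a request under /icons/ contains a '..' path segment."""
    clean = normalize(path.split("?", 1)[0])
    if not clean.lower().startswith("/icons/"):
        return False
    return ".." in clean.split("/")

def scan(lines):
    """Return (client, raw path, status) for every suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_icons_traversal(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits

# Constructed sample lines (documentation address ranges, placeholder file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jul/2011:10:00:01 +0000] "GET /icons/folder.gif HTTP/1.1" 200 312',
    '198.51.100.23 - - [15/Jul/2011:10:00:05 +0000] "GET /icons/../example.txt HTTP/1.1" 404 0',
    '198.51.100.23 - - [15/Jul/2011:10:00:06 +0000] "GET /icons/..%5c..%5cexample.txt HTTP/1.1" 200 88',
    '198.51.100.24 - - [15/Jul/2011:10:00:09 +0000] "GET /icons/%252e%252e/example.txt HTTP/1.1" 403 0',
    '203.0.113.9 - - [15/Jul/2011:10:00:12 +0000] "GET /icons/logo..v2.gif HTTP/1.1" 200 640',
    '203.0.113.9 - - [15/Jul/2011:10:00:13 +0000] "GET /docs/readme.txt HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for ip, path, status in scan(SAMPLE_LOG):
        print(f"{ip} requested {path} (status {status})")
```

Hits answered with a 200 status deserve first attention during review, since they indicate the server returned content for the request.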

Solution Description
Axway Global Support has addressed this vulnerability in package: SecureTransport Server 4.8.2 Patch 12.

Patch download: Axway Customers can download the patch using their support account at https://support.axway.com
File Packages: STEE-4_8_2-Patch12-Windows-x86-Build420.jar
MD5 checksum: 0401efe41ee05f2ee25d3adddca113ba
Size: 928753 bytes

See the Patch Readme file which is available on the vendor website for additional information.

Tested Systems / Software
DDI tested: Axway SecureTransport 4.8.1
Axway tested: Axway tested all supported platforms for
SecureTransport 4.8.x, 4.9.x, 5.0, and 5.1 and determined
that the vulnerability only exists on the Windows platform
for SecureTransport 4.8.x.

Vendor Contact
Vendor Name: Axway

Vendor Support
Email: support@xxxxxxxxx
Phone: +1-866-AXWAY-US or
- Go to https://support.axway.com
- Click the "Contact Axway Support" link to display a list of regional support contact phone numbers.