Niagara Framework Directory Traversal Vulnerability

Summary

Niagara Framework is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54454
The information has been provided by Billy Rios and Terry McCorkle .


Details

Vulnerable Systems:
 * Niagara Framework Directory Traversal Vulnerability

Remote attackers can use specially crafted requests with directory-traversal sequences (‘../’) to retrieve arbitrary files in the context of the application.
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Vendor Status:
Currently we are not aware of any vendor-supplied patches

Disclosure Timeline:
Initial Release:Jul 16 2012

Categories: News