BugTraq
DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal Nov 21 2008 05:04PM
vulnerabilityresearch ddifrontline com
Title

-----

DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal

Severity

--------

High

Date Discovered

---------------

October 2, 2008

Discovered By

-------------

Digital Defense, Inc. Vulnerability Research Team

Credit: Corey LeBleu and r@b13$

Vulnerability Description

-------------------------

The iPhone Configuration Web Utility allows centralized management of iPhone configuration settings. The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 1.0 web root.

Solution Description

--------------------

Filter network traffic so that only trusted users can access the web interface.

Tested Systems / Software (with versions)

------------------------------------------

Windows XP Professional

iPhone Configuration Web Utility 1.0 for Windows

Vendor Contact

--------------

Vendor Name: Apple Inc.

Vendor Website: www.apple.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus