DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal Aug 29 2011 01:56PM
ddivulnalert ddifrontline com

Date Discovered
July 15, 2011

Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: sxkeebler and r@b13$

Vulnerability Description
The Axway SecureTransport device contains a directory traversal
vulnerability in the '/icons/' directory. An unauthenticated remote
attacker can use this vulnerability to obtain arbitrary files from the
root file system of the vulnerable host.
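
For reviewing web access logs from an affected host, the following is an added example (not part of the original advisory and not Axway or DDI code) that flags requests addressed to '/icons/' whose decoded path resolves outside that directory. The advisory does not publish the request form, so the check is generic; the Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

PREFIX = "/icons/"
# Request field of a Common Log Format line (log layout is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def escapes_icons(raw_target):
    """True if a request addressed to /icons/ resolves outside that directory."""
    path = decode_fully(raw_target.split("?", 1)[0])
    path = path.replace("\\", "/")  # Windows accepts either separator
    if not path.lower().startswith(PREFIX):
        return False
    resolved = posixpath.normpath(path) + "/"
    return not resolved.lower().startswith(PREFIX)

def suspicious_requests(log_lines):
    """Return the log lines whose request target escapes /icons/."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and escapes_icons(match.group(1)):
            hits.append(line)
    return hits

# Constructed sample lines (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Aug/2011:13:56:00 +0000] "GET /icons/folder.gif HTTP/1.1" 200 225',
    '192.0.2.10 - - [29/Aug/2011:13:56:02 +0000] "GET /icons/small/../folder.gif HTTP/1.1" 200 225',
    '198.51.100.7 - - [29/Aug/2011:13:57:10 +0000] "GET /icons/../../example.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [29/Aug/2011:13:57:11 +0000] "GET /icons/..%5c..%5cexample.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [29/Aug/2011:13:57:12 +0000] "GET /icons/%252e%252e/example.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("TRAVERSAL?", hit)
```

A flagged line that returned a 200 status with a non-trivial response size is the one to prioritise when deciding whether files were actually disclosed before the patch was applied.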

Solution Description
Axway Global Support has addressed this vulnerability in package: SecureTransport Server 4.8.2 Patch 12.

Patch download: Axway Customers can download the patch using their support account at https://support.axway.com
File Packages: STEE-4_8_2-Patch12-Windows-x86-Build420.jar
MD5 checksum: 0401efe41ee05f2ee25d3adddca113ba
Size: 928753 bytes

See the Patch Readme file which is available on the vendor website for additional information.

Tested Systems / Software
DDI tested: Axway SecureTransport 4.8.1
Axway tested: Axway tested all supported platforms for
SecureTransport 4.8.x, 4.9.x, 5.0, and 5.1 and determined
that the vulnerability only exists on the Windows platform
for SecureTransport 4.8.x.

Vendor Contact
Vendor Name: Axway

Vendor Support
Email: support (at) axway (dot) com
Phone: +1-866-AXWAY-US or
- Go to https://support.axway.com
- Click the "Contact Axway Support" link to display a list of regional support contact phone numbers.
