CVE-2014-2232 - "Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite"
Jun 01 2014 07:35PM
Christian Schneider (mail Christian-Schneider net)
"Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite"
This vulnerability affects versions of MapSuite MapAPI prior to 1.0.36 and 1.1.49
MapSuite MapAPI 1.0.36 and 1.1.49
Both patches are available since 2014-03-26.
This issue was reported to the vendor by Christian Schneider (@cschneider4711)
following a responsible disclosure process.
No authentication required
It is possible to traverse the server's filesystem (including listing of directory
contents) and read files from the server's filesystem using a specially crafted URL
to access the MapAPI. This enables attackers to get hold of sensitive files from the
server containing passwords, configuration, source code, etc.
Proof of concept
Due to the responsible disclosure process chosen and to not harm unpatched systems,
no concrete exploit code will be presented in this advisory.
MapSuite MapAPI 1.0.x users should upgrade to 1.0.36 or later as soon as possible.
MapSuite MapAPI 1.1.x users should upgrade to 1.1.49 or later as soon as possible.
CVE-2014-2233 is another vulnerability in the same module, which can be exploited
as a Server-Side Request Forgery (SSRF) via the same input parameter.
2014-02-20 Vulnerability discovered
2014-02-20 Vulnerability responsibly reported to vendor
2014-02-21 Reply from vendor acknowledging report
2014-02-26 Reply from vendor with first patch (version 1.0.34 and 1.1.47)
meanwhile Testing of the patch by the reporting researcher (Christian Schneider)
2014-03-20 Reported to vendor that first patch could be bypassed
meanwhile Conversation about fix strategies between vendor and reporting researcher
2014-03-26 Reply from vendor with updated patch (version 1.0.36 and 1.1.49)
meanwhile Verification of the patch by reporting researcher + vendor informed customers
2014-06-01 Advisory published in coordination with vendor via BugTraq
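
The following Python example is added here and is not taken from MapSuite, its patches or the advisory's author. On a constructed directory tree it shows the general defect class named in the title (CWE-36): a filter that only removes `../` does nothing against an absolute path, while resolving the path and checking containment in the served directory does. All names (`naive_join`, `resolve_inside`, the `maps` and `conf` directories) are assumptions; URL-style values are rejected as well because the advisory notes that the same parameter was also usable for SSRF.

```python
import os
import re
import tempfile

# Matches "scheme:" prefixes (http:, file:) and Windows drive letters (C:).
_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")

class RejectedPath(ValueError):
    """The requested name does not resolve to a file under the served directory."""

def naive_join(base_dir, requested):
    """Weak pattern: strips '../' only. os.path.join drops base_dir for absolute input."""
    return os.path.join(base_dir, requested.replace("../", ""))

def resolve_inside(base_dir, requested):
    """Return the real path of `requested` under base_dir, or raise RejectedPath."""
    if "\x00" in requested or _SCHEME.match(requested):
        raise RejectedPath("URL, drive letter or NUL byte in value")
    if os.path.isabs(requested) or requested.startswith(("/", "\\")):
        raise RejectedPath("absolute path")          # the CWE-36 case
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise RejectedPath("resolves outside base")  # '..' segments or symlinks
    return candidate

def demo():
    """Build a constructed directory tree and report how each sample value is handled."""
    root = os.path.realpath(tempfile.mkdtemp())
    base, outside = os.path.join(root, "maps"), os.path.join(root, "conf")
    os.makedirs(os.path.join(base, "tiles"))
    os.makedirs(outside)
    for path in (os.path.join(base, "tiles", "a.png"), os.path.join(outside, "db.cfg")):
        open(path, "w").close()
    os.symlink(outside, os.path.join(base, "link"))   # symlink leading out of base
    absolute = os.path.join(outside, "db.cfg")
    samples = ["tiles/a.png", absolute, "../conf/db.cfg", "link/db.cfg",
               "http://192.0.2.1/", "file:///" + absolute.lstrip("/")]
    results = {"naive_absolute_escapes": naive_join(base, absolute) == absolute}
    for value in samples:
        try:
            resolve_inside(base, value)
            results[value] = "served"
        except RejectedPath as exc:
            results[value] = "rejected: " + str(exc)
    return results, absolute

if __name__ == "__main__":
    for key, outcome in demo()[0].items():
        print(key, "->", outcome)
```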