F-Secure Web Console Directory Traversal Vulnerability

F-Secure Web Console Directory Traversal Vulnerability

F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper are prone to a directory traversal vulnerability.

Reports indicate that the Web Console for the products can allow remote unauthorized attackers to view arbitrary files in the context of the application.

It should be noted that the Web Console for F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper is configured by default to accept connections from localhost only. The remote threat only arises if the application has been configured to accept connections from elsewhere. The default configuration only poses a local threat.