Working Resources BadBlue Enterprise Edition File Upload Vulnerability

Working Resources BadBlue Enterprise Edition is a webserver intended to share various resources and is developed for Microsoft Windows environments.

A feature built into BadBlue Enterprise Edition permits users to upload files to the host. This is a not a default configuration, the administrator must configure the virtual directory.

If this upload feature is configured without password protection, it is possible for remote users to upload files containing executable code. Once the file is uploaded it may be possible for the user to call the file, initiating the execution of the malicious file.


 

Privacy Statement
Copyright 2010, SecurityFocus