InstantServers MiniPortal Directory Traversal Vulnerability

InstantServers MiniPortal is a web server package for Windows based machines, based on the Apache project web server. It includes a web based administrative interface, and a bundled FTP server.

An issue has been reported in MiniPortal which could enable a user to gain read access to the directory structure of a host outside of the FTP root. This is accomplished if a request is submitted containing '.../' sequences.


 

Privacy Statement
Copyright 2010, SecurityFocus