BRS WebWeaver Web Server File Access Vulnerability

WebWeaver's Web server has a flaw that discloses the contents of potentially sensitive files to attackers.

It is possible for an attacker to bypass WebWeaver's input validation by constructing a request containing './' character sequences. Information obtained in this manner may allow an attacker to launch further, potentially destructive, attacks against the vulnerable server.


Privacy Statement
Copyright 2010, SecurityFocus