|
|
 |
| New User, Welcome! Login |
DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal
| From: |
vulnerabilityresearch ddifrontline com |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal |
| Date: |
Fri - Nov 21, 2008 09:58 AM |
Title
-----
DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal
Severity
--------
High
Date Discovered
---------------
October 2, 2008
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r@b13$
Vulnerability Description
-------------------------
The iPhone Configuration Web Utility allows centralized management of iPhone configuration settings. The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 1.0 web root.
Solution Description
--------------------
Filter network traffic so that only trusted users can access the web interface.
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows
Vendor Contact
--------------
Vendor Name: Apple Inc.
Vendor Website: www.apple.com
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
