ID
VAR-E-201109-0616
TITLE
Wibu-Systems CodeMeter License Server Directory Traversal Vulnerability
Trust: 0.3
DESCRIPTION
Wibu-Systems CodeMeter is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to download arbitrary files with certain extensions from outside the server root directory. This may aid in further attacks.
CodeMeter 4.30c is affected; other versions may also be vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | wibu | model: | codemeter 4.30c | scope: | - | version: | - | Trust: 0.3 |
| vendor: | wibu | model: | codemeter 4.30d | scope: | ne | version: | - | Trust: 0.3 |
EXPLOIT
Attackers can use a browser to exploit this issue.
Exploit code is available. Please see the references for information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Luigi Auriemma
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 49437 | Trust: 0.3 |
REFERENCES
| url: | http://www.wibu.com/en/codemeter.html | Trust: 0.3 |
| url: | http://aluigi.altervista.org/adv/codemeter_1-adv.txt | Trust: 0.3 |
SOURCES
| db: | BID | id: | 49437 |
LAST UPDATE DATE
2022-07-27T09:52:21.909000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 49437 | date: | 2011-12-22T18:30:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 49437 | date: | 2011-09-02T00:00:00 |