ID

VAR-E-201401-0425


TITLE

A10 Networks AX ADC 'filename' parameter Directory Traversal Vulnerability

Trust: 0.3

sources: BID: 65206

DESCRIPTION

A10 Networks AX ADC is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information. Information harvested may aid in launching further attacks.
This vulnerability affects the following versions:
AX ADC 2.7.0 build 217 and earlier
AX ADC 2.6.1 GR1-P5 and earlier

Trust: 0.3

sources: BID: 65206

AFFECTED PRODUCTS

vendor: a10, model: networks ax adc build, scope: eq, version: 2.7217

Trust: 0.3

vendor: a10, model: networks ax adc gr1-p5, scope: eq, version: 2.6.1

Trust: 0.3

sources: BID: 65206

EXPLOIT

The following example URI is available:
https://www.example.com/xml/downloads/?filename=/a10data/tmp/../../etc/passwd

Trust: 0.3

sources: BID: 65206

PRICE

Free

Trust: 0.3

sources: BID: 65206

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 65206

CREDITS

xistence

Trust: 0.3

sources: BID: 65206

EXTERNAL IDS

db: BID, id: 65206

Trust: 0.3

sources: BID: 65206

REFERENCES

url: http://www.a10networks.com/products/axseries_adc.php

Trust: 0.3

sources: BID: 65206

SOURCES

db: BID, id: 65206

LAST UPDATE DATE

2022-07-27T09:45:09.665000+00:00


SOURCES UPDATE DATE

db: BID, id: 65206, date: 2014-01-28T00:00:00

SOURCES RELEASE DATE

db: BID, id: 65206, date: 2014-01-28T00:00:00