Details of VAR-201106-0323

ID

VAR-201106-0323

TITLE

Tele Data's Contact Management Server Directory Traversal Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2011-2153 // BID: 48114

DESCRIPTION

Tele Data's Contact Management Server is a specially crafted HTTP server that provides contact management services. Tele Data's Contact Management Server does not properly handle directory traversal character sequences, and remote attackers can exploit the vulnerability to view system file content with WEB permissions. Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks

Trust: 0.81

sources: CNVD: CNVD-2011-2153 // BID: 48114

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-2153

AFFECTED PRODUCTS

vendor:

model:

cms tele data's contact management server

scope:

version:

1.1

Trust: 0.9

sources: CNVD: CNVD-2011-2153 // BID: 48114

THREAT TYPE

network

Trust: 0.3

sources: BID: 48114

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 48114

EXTERNAL IDS

db:	BID	id:	48114	Trust: 0.9
db:	CNVD	id:	CNVD-2011-2153	Trust: 0.6

sources: CNVD: CNVD-2011-2153 // BID: 48114

REFERENCES

url:	http://www.autosectools.com/advisory/tele-data-contact-management-server-directory-traversal-231	Trust: 0.9
url:	http://teledata.qc.ca/td_cms/	Trust: 0.3

sources: CNVD: CNVD-2011-2153 // BID: 48114

CREDITS

AutoSec Tools

Trust: 0.3

sources: BID: 48114

SOURCES

db:	CNVD	id:	CNVD-2011-2153
db:	BID	id:	48114

LAST UPDATE DATE

2022-05-17T02:02:39.777000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-2153	date:	2011-06-08T00:00:00
db:	BID	id:	48114	date:	2011-06-06T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-2153	date:	2011-06-08T00:00:00
db:	BID	id:	48114	date:	2011-06-06T00:00:00