The Axway SecureTransport device contains a directory traversal in the '/icons/' directory. An unauthenticated remote attacker can use this vulnerability to obtain arbitrary files from the root file system of the vulnerable host.
1b3c5c1df5ff2ebfb4d989500a0c88455f9836ec0f3075c8f7d42816d3df5526
Title
-----
DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal
Severity
--------
High
Date Discovered
---------------
July 15, 2011
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: sxkeebler and r@b13$
Vulnerability Description
-------------------------
The Axway SecureTransport device contains a directory traversal in
the '/icons/' directory. An unauthenticated remote attacker can use
this vulnerability to obtain arbitrary files from the root file system
of the vulnerable host.
Solution Description
--------------------
Axway Global Support has addressed this vulnerability in package: SecureTransport Server 4.8.2 Patch 12.
Patch download: Axway Customers can download the patch using their support account at https://support.axway.com
File Packages: STEE-4_8_2-Patch12-Windows-x86-Build420.jar
MD5 checksum: 0401efe41ee05f2ee25d3adddca113ba
Size: 928753 bytes
See the Patch Readme file which is available on the vendor website for additional information.
Tested Systems / Software
-------------------------
DDI tested: Axway SecureTransport 4.8.1
Axway tested: Axway tested all supported platforms for
SecureTransport 4.8.x, 4.9.x, 5.0, and 5.1 and determined
that the vulnerability only exists on the Windows platform
for SecureTransport 4.8.x
Vendor Contact
--------------
Vendor Name: Axway
Vendor Support
Email: support@axway.com
Phone: +1-866-AXWAY-US or
- Go to https://support.axway.com
- Click the "Contact Axway Support" link to display a list of regional support contact phone numbers.