Performance Guard from CapaSystems suffers from a traversal vulnerability that allows for arbitrary file reading.
ef90193100f7cdc65bdecf8b7d836ffcd9708cba4b2d4d930fc7cec1e399cd46Application Performance Guard
Vendor CapaSystems
Link http://www.capasystems.com/it-performance-monitorin
Discovered by Kerem Kocaer <kerem.kocaer(at)gmail(dot)com>
Problem
-------
Path traversal vulnerability in the "download logs" section allows remote attackers to read
arbitrary files by intercepting and modifying the file path in an HTTP request to "uploadreader.jsp".
The vulnerability is confirmed to exist in version 6.1.27. Other versions may also be vulnerable.
Exploit
-------
This issue can be exploited with a web browser and a proxy tool to intercept and modify parameters
sent to: http://[address]/logreader/uploadreader.jsp
Fix
---
The vendor has reported fixing the problem in version 6.2.102.
Bug Fix PG-8050 (http://capawiki.capasystems.com/display/pgdoc/PG+6.2.102)
Timeline
--------
2013-05-16 Provided details to CapaSystems
2013-06-07 Performance Guard version 6.2.102 released (with Bug fix PG-8050)
Reference
---------
CVE Number: CVE-2013-5216
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed