Closing remote file download hole in MeetingPlace

Unanswered Question
Sep 16th, 2010
User Badges:

Hi, I'm trying to find out how to address the issue that you can browse to /public/tutorial?video=/../..//../..//../..//../..//../..//etc/passwd and download the passwd and similarly other files on the filesystem on MeetingPlace without any sort of authentication. Has there been a patch or some way to address this vulnerability?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Brad Martin Tue, 09/21/2010 - 12:01
User Badges:
  • Bronze, 100 points or more

That's amazing. We shut down our system. Do you know if Cisco has documented this anywhere?


This Discussion