Closing remote file download hole in MeetingPlace 2.1.1.2?

Unanswered Question
Sep 16th, 2010
User Badges:

Hi, I'm trying to find out how to address the issue that you can browse to /public/tutorial?video=/../..//../..//../..//../..//../..//etc/passwd and download the passwd and similarly other files on the filesystem on MeetingPlace without any sort of authentication. Has there been a patch or some way to address this vulnerability?

Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Brad Martin Tue, 09/21/2010 - 12:01
User Badges:
  • Bronze, 100 points or more

That's amazing. We shut down our system. Do you know if Cisco has documented this anywhere?

Actions

This Discussion