Advisory

Barracuda Networks Products Multiple Directory Traversal Vulnerabilities

Advisory ID: SWRX-2010-002

Advisory Information

  • Title: Barracuda Networks Products Multiple Directory Traversal Vulnerabilities
  • Advisory ID: SWRX-2010-002
  • Date published: Wednesday, September 29, 2010
  • CVSS v2 Base Score: 10 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
  • Date of last update: Wednesday, September 29, 2010
  • Vendors contacted: Barracuda Networks
  • Release mode: Coordinated
  • Discovered by: Randy Janinda and corroborated by Sanjeev Sinha, SecureWorks

Summary

Multiple vulnerabilities exist in Barracuda Networks products due to improper validation of user-controlled input. User-controllable input supplied to the embedded web server is not properly sanitized for illegal path-delimiting characters before it is used to access files. A specially crafted HTTP request containing directory traversal sequences could allow remote attackers to conduct traversal attacks. The impact of successful exploitation depends on the contents of the files retrieved.
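The class of flaw summarized above, shown as an added example that is not taken from the advisory or from Barracuda's code: a file lookup that appends a request value to a base directory unchecked, beside one that canonicalizes the path and requires it to stay under that directory. The function names, the `help` directory and the sample request values are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def naive_resolve(base: Path, user_value: str) -> Path:
    """Weak pattern: append the request value to the base directory unchecked."""
    return Path(os.path.normpath(base / unquote(user_value)))


def safe_resolve(base: Path, user_value: str) -> Path:
    """Canonicalize first, then require the result to stay under base."""
    decoded = unquote(user_value)  # decode once, as the HTTP layer would
    if "\x00" in decoded:
        raise ValueError("NUL byte in requested path")
    base_real = base.resolve()
    # resolve() collapses ../ segments and follows symlinks; an absolute
    # request value replaces base entirely and is caught by the check below.
    candidate = (base_real / decoded).resolve()
    try:
        candidate.relative_to(base_real)
    except ValueError:
        raise ValueError("requested path escapes the base directory") from None
    return candidate


def demo() -> dict:
    """Run constructed request values through the containment check."""
    base = Path(tempfile.mkdtemp()) / "help"  # hypothetical document root
    base.mkdir()
    (base / "index.html").write_text("ok")
    samples = ("index.html", "../../etc/passwd",
               "..%2f..%2fetc%2fpasswd", "/etc/passwd")
    results = {}
    for value in samples:
        try:
            safe_resolve(base, value)
            results[value] = "served"
        except ValueError:
            results[value] = "rejected"
    return results


if __name__ == "__main__":
    for value, verdict in demo().items():
        print(f"{verdict:8}  {value}")
```

The containment check runs on the fully resolved path rather than on the raw string, so encoded separators and absolute paths are judged by where they actually point.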

ABOUT THE AUTHOR
COUNTER THREAT UNIT RESEARCH TEAM

The Secureworks Counter Threat Unit™ (CTU) is a dedicated threat research team that analyzes threat data across our global customer base and actively monitors the threat landscape.