1. CVE-Search
  2. CVE-2006-5596
ID CVE-2006-5596
Summary Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request. Update to version 4.3C or later.
References
Vulnerable Configurations
  • cpe:2.3:a:aep_networks:smartgate_ssl_server:4.3b:*:*:*:*:*:*:*
    cpe:2.3:a:aep_networks:smartgate_ssl_server:4.3b:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 20722
exploit-db 2637
misc https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c
secunia 22550
vupen ADV-2006-4224
xf smartgate-http-directory-traversal(29817)
Last major update 19-10-2017 - 01:29
Published 28-10-2006 - 00:07
Last modified 19-10-2017 - 01:29
Back to Top