Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal

From: vulnerabilityresearch () ddifrontline com
Date: 21 Nov 2008 17:04:58 -0000
Title
-----
DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal

Severity
--------
High

Date Discovered
---------------
October 2, 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r@b13$

Vulnerability Description
-------------------------
The iPhone Configuration Web Utility allows centralized management of iPhone configuration settings. The iPhone 
Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. 
Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 
1.0 web root.

Solution Description
--------------------
Filter network traffic so that only trusted users can access the web interface.

Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows

Vendor Contact
--------------
Vendor Name: Apple Inc.
Vendor Website: www.apple.com
Previous By Date Next
Previous By Thread Next

Current thread: