182 Keene Digital Media Server prior 1.0.2 Directory Traversal HTTP 2004/09/07 Nico 'Triplex' Spicher Triplex at IT-Helpnet dot de http://triplex.it-helpnet.de http://www.it-helpnet.de Marc Ruef marc dot ruef at computec dot ch http://www.computec.ch computec.ch 2004/11/13 1.2 Made some slight modifications in version 1.1. Corrected the plugin structure and added the accuracy values in 1.2 tcp 8080 open|send GET /%2E%2E%5Csystem.log HTTP/1.0\n\n|sleep|close|pattern_exists 200 95 This plugin was written with the ATK-Plugin-Creator [http://triplex.it-helpnet.de]. James Bercegay http://www.gulftech.org GulfTech Security Research Team 2004/08/25 http://www.gulftech.org/?node=research&article_id=00046-08252004 Keene Digital Media Server 1.0.2 The vendor has stated that the vulnerabilities will be fixed in an upcoming version 1.0.4 Directory Traversal The directory traversal issue is present upon requesting files outside the webroot of the application using hex encoded directory traversal character sequences to create a relative path to the target file.This vulnerability will allow a remote attacker to retrieve potentially sensitive files, possibly aiding them in further system compromise. Upgrade to Keene Digital Media Server to 1.0.4 or newer. Also limit unwanted connections and communications with firewalling if possible. Approx. 30 minutes No Yes Yes Medium 2 7 7 4 12272 http://www.securiteam.com/windowsntfocus/5IP1200DPW.html 3535 Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X http://www.computec.ch