CVE-2004-0465 Information

Description

Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4 and possibly earlier versions allows remote attackers to read keys within arbitrary INI formatted files via ..//\ sequences in the WCP_USER parameter.

Reference

http://marc.info/?l=bugtraq&m=110910838600145&w=2 http://secunia.com/advisories/14006/ http://www.cirt.dk/advisories/cirt-29-advisory.pdf http://www.kb.cert.org/vuls/id/628411 http://www.kb.cert.org/vuls/id/JSHA-69HVPK https://exchange.xforce.ibmcloud.com/vulnerabilities/19394