CVE-2005-4202 Information

Description

Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot) (2) ...\ (triple dot) and (3) ..//\ sequences in the URL (4) ../\ sequences in the source parameter to viewsource.jsp or (5) ..\\ (dot dot backslash) sequences in the NS-query-pat parameter to the search URL. URL.

Reference

http://secunia.com/advisories/17989 http://www.ipomonis.com/advisories/logisphere_server.zip http://www.securityfocus.com/bid/15807 http://www.vupen.com/english/advisories/2005/2840 https://exchange.xforce.ibmcloud.com/vulnerabilities/23552