Info

Disclosure

Nov 25, 2003

Discovery

Nov 25, 2003

Dates

Exploit

Unknown

Solution

Unknown

Description

FSP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker uses a specially crafted URL, which allow access outside the server root, resulting in a loss of confidentiality.

Classification

Attack Type: Input Manipulation

Solution

Upgrade to version 2.8.1b18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Radim Kolar

FSP

2.8.1b17

References

Secunia Advisory ID: 10561
ISS X-Force ID: 14154
CVE ID: 2003-1022 (see also: NVD)
Bugtraq ID: 9377
Generic Informational URL: http://cvs.sourceforge.net/viewcvs.py/fsp/fsp/ChangeLog?view=auto
CIAC Advisory: o-048

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/3346