Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal

DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal

From: <vulnerabilityresearch_at_ddifrontline.com>
Date: 21 Nov 2008 17:04:58 -0000
('binary' encoding is not supported, stored as-is) Title
-----
DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal

Severity
--------
High

Date Discovered
---------------
October 2, 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r_at_b13$

Vulnerability Description
-------------------------
The iPhone Configuration Web Utility allows centralized management of iPhone configuration settings. The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 1.0 web root.

Solution Description
--------------------
Filter network traffic so that only trusted users can access the web interface.

Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows

Vendor Contact
--------------
Vendor Name: Apple Inc.
Vendor Website: www.apple.com
Received on Nov 21 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]