Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal
From: vulnerabilityresearch () ddifrontline com
Date: 21 Nov 2008 17:04:58 -0000
Title
-----
DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal

Severity
--------
High

Date Discovered
---------------
October 2, 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r () b13$

Vulnerability Description
-------------------------
The iPhone Configuration Web Utility allows centralized management of iPhone configuration settings. The iPhone 
Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. 
Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 
1.0 web root.

Solution Description
--------------------
Filter network traffic so that only trusted users can access the web interface.

Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows

Vendor Contact
--------------
Vendor Name: Apple Inc.
Vendor Website: www.apple.com

  By Date           By Thread  

Current thread:
  • DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal vulnerabilityresearch (Nov 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]