VULHUB ™

A vulnerability has been discovered in Halcyon Software iASP. The flaw lies in the Remote Console Applet, which allows remote users access to arbitrary system files. It is possible to view a known system resource by including dot-dot-slash (../) directory traversal sequences in a malicious request to the iASP server. Information gained through exploiting this issue may aid an attacker in launching further attacks against a target server. It should be noted that this vulnerability is known to exist in iASP v1.0.9 and earlier. It is not yet know whether this issue affects later versions.

A vulnerability has been discovered in Halcyon Software iASP. The flaw lies in the Remote Console Applet, which allows remote users access to arbitrary system files. It is possible to view a known system resource by including dot-dot-slash (../) directory traversal sequences in a malicious request to the iASP server. Information gained through exploiting this issue may aid an attacker in launching further attacks against a target server. It should be noted that this vulnerability is known to exist in iASP v1.0.9 and earlier. It is not yet know whether this issue affects later versions.