Published:2006/08/28 Last Updated:2013/04/17
JVN#90420168
Cybozu products vulnerable to directory traversal
Overview
Multiple Cybozu products contain a directory traversal vulnerability.
Products Affected
- Cybozu Office 6 5 (1.2) and earlier
- Cybozu Garoon 1.5 (4.0) and earlier
- Centralized Management System 1.5(4.0) and earlier
- Workgroup System 1.5(4.0) and earlier
- Billboard Server 1.0(0.6) and earlier
- File Management Server 1.0(0.6) and earlier
- Facility Reservation Server 1.0(0.6) and earlier
- Workflow 1.0 (1.0) and earlier
- Cybozu Mailwise 3.0 (0.2) and earlier
- Cybozu Collaborex1.5 (0.5) and earlier
- Cybozu AG 1.2 (1.4) and earlier
- Cybozu AG Pocket 5.2 (0.7) and earlier
- Share360 2.5(0.2) and earlier
Description
Impact
A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed.
Solution
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Isaac Dawson of Symantec Corporation found this vulnerability, and Noriharu Akamine of Symantec Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2006-000650 |
Update History
- 2013/04/17
- Information under the section "Products Affected" was modified.