Directory Traversal Vulnerability in SolarWinds TFTP Server
CVE-2006-1951

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Tftp Server
Vendor: CVE Published:; 24 April 2006

Summary

The SolarWinds TFTP Server 8.1 and earlier is susceptible to a directory traversal vulnerability that enables remote attackers to access arbitrary files on the server. This is achieved by sending specially crafted GET requests that include sequences such as '....//' which are interpreted as '../' sequences by the filtering mechanism. As a result, this flaw could lead to unauthorized access to sensitive files and data, potentially compromising system integrity and confidentiality.

References

http://www.securityfocus.com/bid/17648

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/431729/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.rapid7.com/advisories/R7-0019.html

x_refsource_MISC

Timeline

Vulnerability published
Apr 24, 2006
Vulnerability Reserved
Apr 20, 2006