[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal -

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal -
From: sisco.barrera@xxxxxxxxx
Date: Tue, 7 Jan 2014 14:57:31 GMT

Vulnerability in the web application of Spamina email firewall.

Vulnerability Type: Directory Traversal

- Original release date: October 3th, 2013
- Last revised: December 9th, 2013
- Discovered by: Sisco Barrera - A2SECURE

Products and affected versions:
SPAMINA EMAIL FIREWALL 3.3.1.1 (maybe other versions also vulnerable)


Vulnerability Discovered by: Sisco Barrera - sisco.barrera@xxxxxxxxx    
Company: A2SECURE - España
A2Secure Website: http://www.a2secure.com
Vendor Website: http://www.spamina.com
Application Website: 
http://es.spamina.com/es/products.php?pob=CloudEmailFirewall


======================
Background
======================

Spamina is a global leader in offering innovative Cloud-based E-mail & Web 
security solutions. Our security solutions help organizations to instantly 
secure and manage their information while maintaining compliance and corporate 
policies. Spamina solutions include Cloud Email Firewall, Cloud Email 
Encryption & DLP, Cloud Email Archiving and Cloud Web Security to provide Web 
traffic filtering.



======================
Vulnerability Details
======================

A directory-traversal attack is based on the premise that web clients are 
limited to specific directories within the Windows files system. The initial 
directory access by web clients is known as the root directory on a web server. 
This root directory typically stores the home page usually known as Default or 
Index, as well as other HTML documents for the web server. The web server 
should allow users to access only these specific directories and subdirectories 
of root. However, a directory- traversal attack permits access to other 
directories within the file system. The encoded version of / (slash) in ../ 
directory traversal request (%2E%2E%2F) seems to be now fixed, after our 
previous alert.

Spamina should define access rights to private folders on the web server, 
implement a special characters filtering, apply patches and hotfixes.

======================
Proof of Concepts
======================

This URLs just show the directory traversal are this:

https://xxx.xxx.xxx.xxx/?action=showHome&language=../../../../../../../../../../etc/passwd%00.jpg

https://xxx.xxx.xxx.xxx/multiadmin/js/lib/?action=../../../../../../../../../../etc/passwd&language=de

https://xxx.xxx.xxx.xxx/index.php?action=userLogin&language=../../../../../../../../../../etc/passwd.jpg

======================
Credits/Author
======================

Sisco Barrera
a2secure.com

======================
Disclaimer
======================

All information is provided without warranty. The intent is to provide 
information to secure infrastructure and/or systems, not to be able to attack 
or damage. Therefore A2Secure shall not be liable for any direct or indirect 
damages that might be caused by using this information.

Prev by Date: AusCERT2014 Call for Presentations and Tutorials
Next by Date: [SECURITY] [DSA 2837-1] openssl security update
Previous by thread: AusCERT2014 Call for Presentations and Tutorials
Next by thread: [SECURITY] [DSA 2837-1] openssl security update
Index(es):
- Date
- Thread