Home / vulnerabilities DDIVRT-2008-15.txt
Posted on 21 November 2008
Source : packetstormsecurity.org Link
Title
-----
DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal
Severity
--------
High
Date Discovered
---------------
October 2, 2008
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r@b13$
Vulnerability Description
-------------------------
The iPhone Configuration Web Utility allows centralized management of iPhone configuration settings. The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 1.0 web root.
Solution Description
--------------------
Filter network traffic so that only trusted users can access the web interface.
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows
Vendor Contact
--------------
Vendor Name: Apple Inc.
Vendor Website: www.apple.com
