Vulnerability: The IBM alphaWorks TFTP Server for Java available at http://alphaworks.ibm.com/tech/TFTP is vulnerable to a standard directory traversal attack (i.e. ../../). Vendor Response: The vendor was contacted on 19 June 2001 and responded on 20 June 2001 as follows: "We will take a look at the issue and fix it as soon as possible". Further correspondence requesting when a fix will be released has been ignored. Solution: None.
This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 08:05:39 PDT