=====================================================================

                                CERT-Renater

                      Note d'Information No. 2012/VULN111
_____________________________________________________________________

DATE                : 12/03/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running AjaXplorer versions prior to 4.0.4.

======================================================================
http://www.kb.cert.org/vuls/id/504019
_______________________________________________________________________

Vulnerability Note VU#504019

AjaXplorer contains multiple vulnerabilities


Overview
AjaXplorer 4.0.3 and earlier versions contain a directory
traversal vulnerability and a weak cookie authentication scheme.


I. Description
AjaXplorer contains a directory traversal vulnerability in the "Get
Template" feature. The URL variables template_name and pluginName
can be used to exploit this vulnerability.


II. Impact
A remote unauthenticated attacker may be able to read any file on
the server that the web service can access. If an attacker can steal
a user's cookie or access the password file they can use the password
hash to log in as that user without knowing the password.


III. Solution
Apply an Update

AjaXplorer 4.0.4 has been released to address these vulnerabilities.


Vendor Information
Vendor	Status	Date Notified	Date Updated
AjaXplorer	Affected	2012-02-27	2012-03-05


References

http://ajaxplorer.info/ajaxplorer-4-0-4/
http://www.exploitdevelopment.com/vulnerabilities/2012-WEB-001.html


Credit

Thanks to StenoPlasma for reporting this vulnerability.

This document was written by Jared Allar.


Other Information
Date Public:	2012-03-02
Date First Published:	2012-03-08
Date Last Updated:	2012-03-08
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Severity Metric:	0,18
Document Revision:	14

If you have feedback, comments, or additional information about
this vulnerability, please send us email.


======================================================================

=========================================================
Les serveurs de référence du CERT-Renater
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================