SWEditServlet.Directory.Traversal

description-logoDescription

It indicates a directory traversal vulnerability in Screaming Media SiteWare product.



Screaming Media is a provider for custom web content. SiteWare Editor Desktop is the web-based administration tool for managing Screaming Media content. There exists a vulnerability in some versions of SiteWare Editor Desktop that allows attackers to read arbitrary webserver-readable files on the vulnerable host via special template parameters.

affected-products-logoAffected Products

Any unprotected Screaming Media SiteWare 2.5, 2.5 01, 3.0, 3.0 1, 3.0 2 or 3.1 is vulnerable to the attack.

Impact logoImpact

Attackers can read arbitrary webserver-readable files on the victim system.

recomended-action-logoRecommended Actions

Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-01-10 22.472 Name:SWEditServlet.
DirectoryTraversal:SWEditServlet.
Directory.
Traversal
2018-11-20 13.494 Default_action:pass:drop

References

1