Son hServer URI Traversal Arbitrary File/Directory Access
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
Son hServer contains a flaw that allows a remote attacker to access arbitrary files and directories outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via URI.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Discovery of this vulnerability credited to D4rkGr3y <email@example.com>.
Super-M Son hServer 0.2
It has been announced that Super-M Son hServer is vulnerable to a condition that may result in the disclosure of potentially sensitive information.
According to the report, Son hServer does not perform sufficient sanitization on client requested paths which include ".|./" character sequences.
This vulnerability may be exploited using a web browser.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.