Vulnerability fixed in BitDefender Update Server
Summary:
An issue has been identified in a component of BitDefender update server (CVE-2008-0396). Successful exploit of the vulnerability may allow read access to files outside of the application's root directory with named privileges.
This issue only affects customers hosting their own internal BitDefender Update server. Customers updating directly from BitDefender are not affected. Additionally, this issue does not affect any Consumer product such as BitDefender Total Security, BitDefender Internet Security or BitDefender Antivirus.
The risk level of this vulnerability is low and at this moment no known malicious exploit has been observed in the wild.
This issue only affects customers hosting their own internal BitDefender Update server. Customers updating directly from BitDefender are not affected. Additionally, this issue does not affect any Consumer product such as BitDefender Total Security, BitDefender Internet Security or BitDefender Antivirus.
The risk level of this vulnerability is low and at this moment no known malicious exploit has been observed in the wild.
Detailed description:
BitDefender acknowledged the vulnerability on January 17, 2008 and released a patch on January 24, 2008.
In order to fix this issue, please use the link below to download the httpsvrpch.exe patch and install it on your server.
In order to fix this issue, please use the link below to download the httpsvrpch.exe patch and install it on your server.
Print
Bookmark this Page
Rate this article
Software Applications:
BitDefender Enterprise Manager
Operating systems:
Windows 2000, Windows 2003, Windows Me, Windows NT, Windows XP
BitDefender Enterprise Manager
Operating systems:
Windows 2000, Windows 2003, Windows Me, Windows NT, Windows XP
| Solution ID: 421 | Created on 30 Jan 2008 08:48 |
| Language: English | Modified on 08 Jul 2009 11:46 |
