Vulnerability fixed in BitDefender Update Server

 

Issue:

An issue has been identified in a component of the BitDefender Update Server (CVE-2008-0396). Successful exploitation of the vulnerability may allow read access to files outside of the application's root directory with named privileges.

This issue only affects customers hosting their own internal BitDefender Update server. Customers updating directly from BitDefender are not affected. Additionally, this issue does not affect any Consumer product such as BitDefender Total Security, BitDefender Internet Security or BitDefender Antivirus.

The risk level of this vulnerability is low and at this moment no known malicious exploit has been observed in the wild.

Solution:

BitDefender acknowledged the vulnerability on January 17, 2008 and released a patch on January 24, 2008.

In order to fix this issue, please use the link below to download the httpsvrpch.exe patch and install it on your server.



Software Applications:
BitDefender Enterprise Manager, BitDefender Security for File Servers, BitDefender Security for ISA Servers, BitDefender Security for Mail Servers (Windows), BitDefender Security for SharePoint

Operating systems:
Windows 2000, Windows 2003, Windows Me, Windows NT, Windows XP

Solution ID: 421
Language: English
Created on: 30 Jan 2008 08:48
Modified on: 30 Jan 2008 10:18

