CVE-2015-9250

Vulnerability

Directory traversal vulnerability exists in Skybox Platform versions prior to 7.5.201. The flaw is located in the /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload endpoints, where the tempFileName parameter is not properly sanitized. This allows an attacker to traverse directories and download files outside the intended directory. The issue affects all versions before 7.5.201 [1].

Exploitation

An attacker can exploit this vulnerability by sending specially crafted HTTP requests to the affected endpoints, manipulating the tempFileName parameter with path traversal sequences (e.g., ../). No authentication is required, as the endpoints appear to be accessible without prior login. The attacker only needs network access to the Skybox Platform web interface [1].

Impact

Successful exploitation allows an attacker to download arbitrary files from the server's filesystem, potentially including sensitive configuration files, credentials, or other confidential data. This leads to information disclosure and could facilitate further attacks against the system [1].

Mitigation

The vulnerability is fixed in Skybox Platform version 7.5.201. Users should upgrade to this version or later. If upgrading is not immediately possible, consider restricting access to the affected endpoints via web server configuration or firewall rules. However, the vendor has released a patch, so upgrading is the recommended mitigation [1].