CVE-2006-4140

Severity: Unknown
EPSS: 4.16%

CVE-2006-4140 is a vulnerability of currently unknown severity. Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/" slash), (2) "..../" (multiple dot), and (3) "..%255c../" (double-encoded "\" backslash). EPSS estimates a 4.16% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/" slash), (2) "..../" (multiple dot), and (3) "..%255c../" (double-encoded "\" backslash).

Metrics

EPSS Probability
4.16%

89.6th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Ipcheck | Server Monitor | 4.3.1.368
Ipcheck | Server Monitor | 4.3.1.382
Ipcheck | Server Monitor | 4.4.1.521
Ipcheck | Server Monitor | 4.4.1.522
Ipcheck | Server Monitor | 5.0.1.272
Ipcheck | Server Monitor | 5.0.1.299
Ipcheck | Server Monitor | 5.0.1.309
Ipcheck | Server Monitor | 5.0.1.321
Ipcheck | Server Monitor | 5.1.0.341
Ipcheck | Server Monitor | 5.1.0.342
Ipcheck | Server Monitor | 5.1.0.345
Ipcheck | Server Monitor | 5.2.0.404
Ipcheck | Server Monitor | 5.2.0.405
Ipcheck | Server Monitor | 5.2.0.418
Ipcheck | Server Monitor | 5.2.0.420
Ipcheck | Server Monitor | 5.2.2.449
Ipcheck | Server Monitor | 5.2.2.451
Ipcheck | Server Monitor | 5.3.0.506
Ipcheck | Server Monitor | 5.3.0.507
Ipcheck | Server Monitor | 5.3.0.508
Ipcheck | Server Monitor | 5.3.0.509
Ipcheck | Server Monitor | 5.3.1.574
Ipcheck | Server Monitor | 5.3.1.575
Ipcheck | Server Monitor | 5.3.1.578
Ipcheck | Server Monitor | 5.3.1.579
Ipcheck | Server Monitor | 5.3.1.580
Ipcheck | Server Monitor | 5.3.1.581
Ipcheck | Server Monitor | 5.3.1.586
Ipcheck | Server Monitor | 5.3.1.587
Ipcheck | Server Monitor | 5.3.2.605
Ipcheck | Server Monitor | 5.3.2.606
Ipcheck | Server Monitor | 5.3.2.609
Ipcheck | Server Monitor | 5.3.2.610
Ipcheck | Server Monitor | 5.3.2.616
Ipcheck | Server Monitor | 5.3.2.617

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2006-4140?
Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/" slash), (2) "..../" (multiple dot), and (3) "..%255c../" (double-encoded "\" backslash).
How severe is CVE-2006-4140?
Severity scoring for CVE-2006-4140 is pending analysis. The EPSS model estimates a 4.16% probability of exploitation in the next 30 days.
How do I fix CVE-2006-4140?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST