Date: Fri, 20 Jul 2001 13:31:11 +0200
From: Patrick Medhurst <[email protected]>
To: [email protected]Subject: IBM TFTP Server for Java vulnerability
Vulnerability:
The IBM alphaWorks TFTP Server for Java available at http://alphaworks.ibm.=
com/tech/TFTP is vulnerable to a standard directory traversal attack =
(i.e. ../../).
Vendor Response:
The vendor was contacted on 19 June 2001 and responded on 20 June 2001 as =
follows:
"We will take a look at the issue and fix it as soon as possible".
Further correspondence requesting when a fix will be released has been =
ignored.
Solution:
None.
