<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;">Synopsis:
APC PowerChute Network Shutdown 2.21 is vulnerable to directory traversal</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;"> <br>Background:
APC PowerChute Network Shutdown is used to perform graceful shutdowns of
network servers from one main server.</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;"> <br>Affected
Versions: &lt;= 2.21 build 116</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;"> <br>Description:
APC PowerChute Network Shutdown is vulnerable to directory traversal: percent-encoded
path characters such as %5c (backslash) and %2e (dot) placed in the request path are not
caught by the server's path check and are decoded afterwards, allowing a request to
reach files outside the web root.<span style=""> </span>The root cause is a previously
disclosed vulnerability in Acme.Serve, the Java HTTP server that PowerChute Network
Shutdown is built on (see the CVE and BID references below).</span></p>
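<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;">The following is an added example, not code from this advisory, from APC, or from Acme.Serve. It models the bug class described above in Python: a resolver whose traversal check runs on the raw URL before percent-decoding (so %2e%2e and %5c pass the check and only become dots and backslashes afterwards) beside a hardened resolver that decodes first and then enforces containment on the normalized path. The document root, the request paths and the helper names (vulnerable_resolve, hardened_resolve, is_rejected, compare_resolvers) are constructed for the example and do not correspond to anything in the product.</span></p>

```python
"""Added example, not code from the advisory, from APC, or from Acme.Serve.

Models the bug class described above: a "safe path" check that runs on the
raw URL before percent-decoding, so %2e (".") and %5c ("\\") slip past it and
are only decoded afterwards. A hardened resolver decodes first, then confirms
the normalized result still lies under the document root. The document root
and request paths below are constructed for the example; no network access.
"""
from urllib.parse import unquote
import posixpath

# Constructed document root for the example (not a real PowerChute install path).
DOCROOT = "/opt/pcns/webroot"


def vulnerable_resolve(raw_path: str) -> str:
    """Flawed pattern: validate the raw request path, decode afterwards.

    The check catches a literal "../" but not "%2e%2e/" or "%2e%2e%5c", which
    only turn into dots and backslashes once unquote() runs. Backslashes are
    then treated as separators, as a server running on Windows would.
    """
    if ".." in raw_path or "\\" in raw_path:
        raise PermissionError("rejected: traversal sequence in path")
    decoded = unquote(raw_path).replace("\\", "/")
    return posixpath.normpath(DOCROOT + "/" + decoded)


def hardened_resolve(raw_path: str) -> str:
    """Decode first, normalize, then enforce containment on the final path."""
    decoded = unquote(raw_path)
    # A second layer of encoding (%252e) would survive one unquote(); refuse it
    # rather than decoding in a loop.
    if "%" in decoded:
        raise PermissionError("rejected: double-encoded path")
    # Treat backslash as a separator so "..\" cannot bypass the check on Windows.
    decoded = decoded.replace("\\", "/")
    target = posixpath.normpath(posixpath.join(DOCROOT, decoded.lstrip("/")))
    # Containment check on the fully normalized path, not on the raw request.
    if target != DOCROOT and not target.startswith(DOCROOT + "/"):
        raise PermissionError("rejected: escapes document root")
    return target


def is_rejected(resolver, raw_path: str) -> bool:
    """True if the resolver refuses the request, False if it would serve it."""
    try:
        resolver(raw_path)
    except PermissionError:
        return True
    return False


# Constructed request paths: the obvious form, the two encodings the advisory
# names (%2e for ".", %5c for "\"), a double-encoded variant, and a benign file.
PROBES = [
    "/../../../etc/passwd",
    "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/%2e%2e%5c%2e%2e%5c%2e%2e%5cetc%5cpasswd",
    "/%252e%252e/%252e%252e/%252e%252e/etc/passwd",
    "/index.html",
]


def compare_resolvers():
    """Return {probe: (vulnerable result, hardened result)} for every probe."""
    out = {}
    for p in PROBES:
        out[p] = tuple(
            "REJECTED" if is_rejected(r, p) else r(p)
            for r in (vulnerable_resolve, hardened_resolve)
        )
    return out


if __name__ == "__main__":
    for probe, (vuln, hard) in compare_resolvers().items():
        print(f"{probe:48} vulnerable -> {vuln:30} hardened -> {hard}")
```

<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;">Running the script shows the vulnerable resolver mapping both encoded probes to /etc/passwd while rejecting only the literal "../" form; the hardened resolver rejects all four traversal probes and serves only /index.html. The model works on strings only: a real server should additionally resolve symlinks on the filesystem (for example with os.path.realpath) before the containment check and reject NUL bytes, neither of which this example covers.</span></p>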
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;"> <br>Vendor
Notified: April 9<sup>th</sup> 2007</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;">Vendor Response: April 10th 2007, "A fix is being worked on for the next release."</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;">April 25th 2007: Spoke to vendor again, no ETA.</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;">May 3rd 2007: No ETA.</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;">June 1st 2007: No ETA.</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;"> <br>Reference:
CVE-2001-0748</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;"><a href="http://xforce.iss.net/xforce/xfdb/6634">http://xforce.iss.net/xforce/xfdb/6634</a></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;"><a href="http://www.securityfocus.com/bid/2809">http://www.securityfocus.com/bid/2809</a></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;"><a href="http://www.apc.com/products/family/index.cfm?id=127">http://www.apc.com/products/family/index.cfm?id=127</a></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: Arial;"><a href="http://www.acme.com/java/software/Acme.Serve.Serve.html">http://www.acme.com/java/software/Acme.Serve.Serve.html</a></span></p>
<p class="MsoNormal">Chris Castaldo</p>
<p class="MsoNormal">"An ounce of prevention is worth a pound of cure."</p>