Unauthenticated Directory Traversal Vulnerability in Axway File Transfer Direct 2.7.1

CVE-2019-6500 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.

Learn more about our Web Application Penetration Testing UK.