Security devices and web interfaces
“Researchers at Project Insecurity have detailed a vulnerability in SOLEO's IP relay technology that disclosed sensitive files on affected installations. For example, the following HTTPS request to a vulnerable service”...
The solution being, don't put a web anything on security devices, remove the http server, remove the http browser, remove the java interpretor etc. and learn to use command-line tools and configuration scripts.
“This vulnerability exists due to the fact that there is improper sanitization on the ‘page’ GET parameter in servlet/IPRelay. A developer should always check for dangerous characters in filenames” ref
2001 is calling and want's its Directory Traversal attack back :]
Biting the hand that feeds IT
