Vulnerability: The IBM alphaWorks TFTP Server for Java available at http://alphaworks.ibm.com/tech/TFTP is vulnerable to a standard directory traversal attack (i.e. ../../). Vendor Response: The vendor was contacted on 19 June 2001 and responded on 20 June 2001 as follows: "We will take a look at the issue and fix it as soon as possible". Further correspondence requesting when a fix will be released has been ignored. Solution: None.
- Re: IBM TFTP Server for Java vulnerability Patrick Medhurst
- Re: IBM TFTP Server for Java vulnerability John Schultz
- Re: IBM TFTP Server for Java vulnerability David Howe
- Re: IBM TFTP Server for Java vulnerability John Schultz
- RE: IBM TFTP Server for Java vulnerability McHugh, Sean
