QLogic SANsurfer FC HBA Manager 5.0.1 build 31 Directory Traversal vulnerability

QLogic SANsurfer Fibre Channel (FC) Host Bus Adapter (HBA) Manager uses Fizmez Web Server for the web server component. Fizmez Web Server is vulnerable to directory traversal. The web server is not enabled by default.

Software

Software Link: http://qlogic.com/

Vulnerable Version: 5.0.1 build 31

Vendor Notification: Unnotified

Vulnerabilities

The following proof of concept is available:

Reference

# OWASP: Path Traversal

Appendix

[TXT] QLogic SANsurfer FC HBA Manager 5.0.1 build 31 Directory Traversal vulnerability