Bullwark Momentum Series JAWS Directory Traversal Vulnerability
Vulnerability
A directory traversal vulnerability has been identified in Bullwark Momentum Series JAWS version 1.0. This vulnerability allows unauthenticated attackers to access sensitive system files by manipulating HTTP request paths. Exploitation involves sending crafted GET requests that include multiple '../' sequences to read files such as /etc/passwd, bypassing the web root directory.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive system files, potentially allowing attackers to gain further insights into the system or application environment.
Reproduction
The vulnerability can be reproduced by sending a GET request that includes a series of '../' sequences in the request path. This request should be directed to the Bullwark Momentum Series JAWS 1.0 web server. The crafted request will traverse directories and access files outside the web root, such as /etc/passwd.
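A detection check for the request pattern described above, as an added example that is not part of the original advisory or the vendor's code. It assumes access logs in Common Log Format (for instance from a proxy in front of the device), uses constructed sample entries, and goes slightly beyond the text by percent-decoding the path before counting '../' segments.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed log layout: Common Log Format, e.g. from a proxy in front of the device.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /../../../../etc/passwd HTTP/1.1" 200 1024',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /img/../css/site.css HTTP/1.1" 200 300',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /../../../../etc/passwd HTTP/1.1" 404 0',
]


def escapes_web_root(target):
    """True if resolving the request path would step above the web root."""
    # Drop the query string, decode %xx escapes, and treat '\' like '/'.
    path = unquote(urlsplit(target).path).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # more '..' than directories entered so far
                return True
        else:
            depth += 1
    return False


def scan_access_log(lines):
    """Return (client, target, status) for each request that leaves the web root."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and escapes_web_root(match.group("target")):
            client = line.split(" ", 1)[0]
            hits.append((client, match.group("target"), int(match.group("status"))))
    return hits


if __name__ == "__main__":
    for client, target, status in scan_access_log(SAMPLE_LOG):
        # A 2xx status means the server answered the traversal request with content.
        note = "served" if 200 <= status < 300 else "rejected"
        print(f"{client} {target} -> {status} ({note})")
```

The same depth count can be applied server-side before a path is opened, so that a request which steps above the web root is refused rather than only logged.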
