Sawmill - Arbitrary Directory Browsing

.:: DESCRIPTION ::.
Sawmill is a powerful, hierarchical log analysis tool that runs on every major platform. Sawmill is used by a wide variety of clients worldwide, including corporations, educational institutions, government and military organizations, small businesses, libraries, hospitals, non-profit organizations, and individuals.

.:: SUMMARY ::.
Affected Version: 7.0.X, < 7.1.6
Tested Platform: Linux

A security vulnerability has been found in Sawmill versions 7.0.X and < 7.1.6 which allows an attacker to browse any directory on the server with the privileges of the web daemon.

.:: DETAILS ::.
Not available to the public or to users with a basic VIA Agent subscription.

.:: IMPACT ::.
An attacker can leverage this vulnerability to obtain sensitive information about the server and gain further access or escalate privileges.

.:: AUTHOR ::.
Phuong Nguyen

