Pasar al contenido principal

2018-004: Traversal Directory en VPN de la UAM (Universidad Autónoma de Madrid)

2018-004: Traversal Directory en VPN de la UAM (Universidad Autónoma de Madrid)

Original release date: 09/08/2018
Last revised: 09/08/2018
Discovered by: Jorge Lajara
Severity: 5.0 CVSSv2
Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)


The Remote Access Service (VPN) of the UAM (Universidad Autónoma de Madrid) is vulnerable to CVE-2018-0296.


The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic.


1) Navigate to
2) Do a Request to to list active sessions.
3) Check the response.

When a user search an image, generates a link as the following:

The "url" parameter is not properly validated, so an open redirect can be exploited through this parameter.

Only this parameter is mandatory, so we can exclude some parameters in the GET request because not affect the expected results:

How to reproduce the vulnerability:

1. Select the malicious URL
For example:

2. Create the URL redirection to avoid the Google alert message

For example:

3. Encode the URL redirection

For that, we can use some service as "".

For example:

4. Create the final URL without Google alert


An attacker can cause a denial of service or optain arbitrary information through directory traversal techniques.





09/08/2018 : Initial release


  • 27/07/2018 : Vulnerability acquired by Internet Security Auditors (
  • 27/07/2018 : Contact with UAM Security Team.
  • 07/08/2018 : Vulnerability fixed by UAM Security Team.


The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Internet Security Auditors accepts no responsibility for any damage caused by the use or misuse of this information.


Internet Security Auditors is a Spain and Colombia based company leader in web application testing, network security, penetration testing, security compliance implementation and assessing. Our clients include some of the largest companies in areas such as finance, telecommunications, insurance, ITC, etc. We are vendor independent provider with a deep expertise since 2001. Our efforts in R&D include vulnerability research, open security project collaboration and whitepapers, presentations and security events participation and promotion. For further information regarding our security services, contact us.