CVE-2020-13158
📋 TL;DR
This directory traversal vulnerability in Artica Proxy allows attackers to read arbitrary files on the server by manipulating the popup parameter in fw.progrss.details.php. It affects Artica Proxy Community Edition installations before version 4.30.000000. Attackers can potentially access sensitive configuration files, credentials, or other system files.
💻 Affected Systems
- Artica Proxy Community Edition
📦 What is this software?
Artica Proxy by Articatech
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through reading sensitive files like configuration files containing credentials, SSH keys, or database passwords, potentially leading to lateral movement or data exfiltration.
Likely Case
Information disclosure of sensitive files, potentially exposing credentials, configuration details, or other proprietary information stored on the server.
If Mitigated
Limited impact with proper file permissions and access controls preventing reading of critical system files.
🎯 Exploit Status
Simple directory traversal attack requiring only web access to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.30.000000
Vendor Advisory: https://github.com/InfoSec4Fun/CVE-2020-13158
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Download Artica Proxy version 4.30.000000 or later from official sources.
3. Follow vendor upgrade instructions.
4. Restart the Artica Proxy service.
5. Verify the fix by testing the vulnerable endpoint.
🔧 Temporary Workarounds
Input Validation Filter
linux: Add input validation to reject directory traversal sequences in the popup parameter
Modify fw.progrss.details.php to filter '../' and similar sequences
Web Application Firewall Rule
all: Block requests containing directory traversal patterns
Add WAF rule to block requests with '../' or similar patterns in URL parameters
🧯 If You Can't Patch
- Implement strict file permissions to limit readable files to only those necessary for application functionality
- Deploy network segmentation to restrict access to Artica Proxy from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Test by accessing /fw.progrss.details.php?popup=../../../etc/passwd and checking if file contents are returned
Check Version:
Check Artica Proxy web interface or run: cat /usr/share/artica-postfix/LOCAL | grep VERSION
Verify Fix Applied:
Repeat the same directory traversal test after patching; the request should return an error or sanitized output
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to fw.progrss.details.php with '../' sequences in parameters
- Unusual file access patterns in web server logs
Network Indicators:
- HTTP GET requests containing directory traversal patterns in URL parameters
SIEM Query:
source="web_logs" AND uri="*fw.progrss.details.php*" AND (query="*../*" OR query="*..\\*" OR query="*%2e%2e%2f*")
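
The log indicator above, as an added detection example (not code from Artica or from the referenced repository): it percent-decodes the query string repeatedly before matching, so mixed or double-encoded forms that a literal-string query does not list are still flagged. It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re

ENDPOINT = "fw.progrss.details.php"  # script named in the advisory
# Request field of a combined-format access log line (assumed log format)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# ".." used as a path segment: preceded by a separator, followed by / or \ or end
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&])\.\.(?:[/\\]|$)')
PCT_RE = re.compile(r'%([0-9a-fA-F]{2})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double encoding collapses to plain text."""
    for _ in range(max_rounds):
        decoded = PCT_RE.sub(lambda m: chr(int(m.group(1), 16)), value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_attempt(log_line):
    """True if the line is a request to ENDPOINT with '..' segments in its query."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    path, _, query = m.group(1).partition("?")
    if not fully_decode(path).lower().endswith(ENDPOINT):
        return False
    return bool(TRAVERSAL_RE.search(fully_decode(query)))

def scan(lines):
    """Return the indexes of log lines that match the indicator."""
    return [i for i, line in enumerate(lines) if is_traversal_attempt(line)]

# Constructed sample lines (documentation IP ranges), not real traffic
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2020:10:00:01 +0000] "GET /fw.progrss.details.php?popup=../../../etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.10 - - [01/Jun/2020:10:00:02 +0000] "GET /fw.progrss.details.php?popup=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '192.0.2.11 - - [01/Jun/2020:10:00:03 +0000] "GET /fw.progrss.details.php?popup=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jun/2020:10:00:04 +0000] "GET /fw.progrss.details.php?popup=progress.log HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2020:10:00:05 +0000] "GET /index.php?page=../x HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for i in scan(SAMPLE_LOG):
        print("ALERT:", SAMPLE_LOG[i])
```

A 200 response on a flagged line is worth triaging first, since it suggests file contents may have been returned.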