CVE-2012-4991

Axway SecureTransport <5.1 SP2 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4991. PoCs published by Sebastian Perez.

AI-analyzed exploit summary This is a writeup describing a path traversal vulnerability in Axway SecureTransport versions 5.1 SP2 and earlier. The vulnerability allows remote attackers to access, read, download, delete, and upload arbitrary files using encoded backslash characters (%5c) in the path.

Description

Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.

Exploits (1)

exploitdb WRITEUP
by Sebastian Perez · textwebappswindows
https://www.exploit-db.com/exploits/23324

This is a writeup describing a path traversal vulnerability in Axway SecureTransport versions 5.1 SP2 and earlier. The vulnerability allows remote attackers to access, read, download, delete, and upload arbitrary files using encoded backslash characters (%5c) in the path.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Axway SecureTransport versions 5.1 SP2 and earlier
Auth required
Prerequisites: Access to the target system · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/23324/

Scores

EPSS 0.0455
EPSS Percentile 90.4%

Details

CWE
CWE-22
Status published
Products (1)
axway/securetransport < 5.1
Published Dec 13, 2012
Tracked Since Feb 18, 2026