CVE-2013-4097

DS3 Authentication Server - Path Traversal via ServerAdmin/TestDRConnection.jsp

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4097.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in the DS3 Authentication Server, including a post-authentication command execution flaw via the TestTelnetConnection.jsp endpoint, a physical path disclosure in TestDRConnection.jsp, and a user-controllable error message issue. The technical description includes HTTP request/response examples demonstrating the command injection vulnerability.

Description

ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message.

Exploits (1)

exploitdb WRITEUP
webappshardware
https://www.exploit-db.com/exploits/25976

This advisory details multiple vulnerabilities in the DS3 Authentication Server, including a post-authentication command execution flaw via the TestTelnetConnection.jsp endpoint, a physical path disclosure in TestDRConnection.jsp, and a user-controllable error message issue. The technical description includes HTTP request/response examples demonstrating the command injection vulnerability.

Classification
Writeup 95%
Attack Type
Rce | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: DS3 Authentication Server (unknown version)
Auth required
Prerequisites: Valid authentication credentials · Access to the ServerAdmin interface
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

EPSS 0.0730
EPSS Percentile 93.6%

Details

CWE
CWE-22
Status published
Products (1)
ds3/authentication_server
Published Jun 28, 2013
Tracked Since Feb 18, 2026