Path traversal attacks pose a major risk to web application security. Do not underestimate them! Jan 2020.

Technical background: A layer 7 load balancer makes routing decisions based on IP addresses, TCP or UDP ports, or any information it can get from the application protocol (mainly HTTP). It is a Linux-based machine. HTTP and HTTPS are the predominant Layer 7 protocols for website traffic on the Internet. A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder.
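A detection sketch for the definition above, added here as an example and not taken from the original page or from any vendor tool: it percent-decodes each request path, resolves the dot segments, and reports requests that climb above the web root or end up in a different top-level directory than the raw path suggests. The log lines, paths, and the names `classify` and `scan` are constructed for illustration, and the common-log layout is an assumption.

```python
from urllib.parse import unquote

# Constructed access-log lines (documentation IPs, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2020:10:00:01 +0000] "GET /app/img/../css/site.css HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2020:10:00:02 +0000] "GET /public/../admin/config.xml HTTP/1.1" 403 199',
    '198.51.100.9 - - [10/Jan/2020:10:00:03 +0000] "GET /static/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0',
    '198.51.100.9 - - [10/Jan/2020:10:00:04 +0000] "GET /static/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 0',
    '203.0.113.5 - - [10/Jan/2020:10:00:05 +0000] "GET /index.html?next=../home HTTP/1.1" 200 1024',
]

def decode_path(target, max_rounds=3):
    """Drop the query string, then percent-decode until stable (catches %252e)."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def classify(target):
    """Return 'escapes-root', 'crosses-prefix' or 'clean' for a request target."""
    segments = [s for s in decode_path(target).split("/") if s not in ("", ".")]
    resolved = []
    for seg in segments:
        if seg != "..":
            resolved.append(seg)
        elif resolved:
            resolved.pop()
        else:
            return "escapes-root"  # climbed above the web root
    # Assumption: a device routing on the raw first segment would see a
    # different directory than the server that resolves the dot segments.
    if ".." in segments and segments[0] != (resolved[0] if resolved else None):
        return "crosses-prefix"
    return "clean"

def scan(log_lines):
    """Return (client, target, verdict) for every request that is not clean."""
    findings = []
    for line in log_lines:
        target = line.split('"')[1].split()[1]  # second token of the quoted request line
        verdict = classify(target)
        if verdict != "clean":
            findings.append((line.split()[0], target, verdict))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Dot segments that stay inside the same top-level directory, and `..` that appears only in a query string, are treated as clean so that ordinary relative links do not raise alerts.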

Vulnerability: An issue was discovered in Citrix Application Delivery Controller (formerly NetScaler) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow directory traversal. If exploited, this vulnerability could allow an unauthenticated attacker to perform arbitrary code execution. It will also impact the back end, which may be a web portal or a web server cluster. The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility to test the specific product.

For more details, please refer to url.