Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: infos

ht://Dig's htsearch potential exposure/dos Vulnerability Scan

Vulnerability Scan Summary

Detailed Explanation for this Vulnerability Test

The remote CGI htsearch allows the user to supply his own
configuration file using the '-c' switch, as in:


This file is not displayed by htsearch. However, if an
attacker manages to upload a configuration file to the remote
server, they may be able to make htsearch read arbitrary files on
the remote host.

An attacker may also use this flaw to exhaust the resources on the
remote host by specifying /dev/zero as a configuration file.

Solution: Upgrade to ht://Dig 3.1.6 or newer

Threat Level: High



P.O. Box 827051

Pembroke Pines, FL 33082-7051
