|
Family: Web Servers --> Category: attack
iPlanet Directory Server traversal Vulnerability Scan
Vulnerability Scan Summary /\../\../\file.txt
Detailed Explanation for this Vulnerability Test
Synopsis :
It is possible to read arbitrary files on the remote host due
to a bug in the iPlanet web server.
Description :
There is a bug in the remote web server which allows a user to
misuse it to read arbitrary files on the remote host.
To exploit this flaw, a possible hacker needs to prepend '/\../\../'
in front on the file name to read.
Solution :
http://www.iplanet.com/downloads/patches/index.html
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|