|
Family: Remote file access --> Category: infos
Anaconda Double NULL Encoded Remote File Retrieval Vulnerability Scan
Vulnerability Scan Summary Anaconda Foundation Directory Double NULL Encoded Remote File Retrieval
Detailed Explanation for this Vulnerability Test
The remote Anaconda Foundation Directory contains a flaw
that allows anyone to read arbitrary files with root (super-user)
rights, by embedding a double null byte in a URL, as in :
http://www.example.com/cgi-bin/apexec.pl?etype=odp&template=../../../../../../..../../etc/passwd%%0000.html&passurl=/category/
Solution : Contact your vendor for updated software.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|