|
Family: CGI abuses --> Category: attack
Plain Old Webserver Directory Traversal Vulnerability Vulnerability Scan
Vulnerability Scan Summary Tries to read a file using POW
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is susceptible to a directory traversal attack.
Description :
The remote host is running Plain Old Webserver, a Firefox extension
that acts as a web server.
The version of Plain Old Webserver (pow) installed on the remote host
fails to sanitize the URL of directory traversal sequences. An
unauthenticated attacker can exploit this to read files on the
affected host subject to the permissions of the user id under which
Firefox runs.
See also :
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0197.html
Solution :
Unknown at this time.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|