Family: Misc. --> Category: attack
Polipo Local Web Root Restriction Bypass Vulnerability Scan
Vulnerability Scan Summary : Checks for a local web root restriction bypass vulnerability in Polipo
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server may expose files outside the local web root.
Description :
The remote host is running the Polipo caching web proxy. In addition to
caching web pages, the software also functions as a web server for
providing access to documentation, cached pages, etc.
The built-in web server in the installed version of Polipo fails to
filter directory traversal sequences from requests. By exploiting this
issue, an attacker may be able to retrieve files located outside the
local web root, subject to the privileges of the user ID under which
Polipo runs.
See also :
http://sourceforge.net/mailarchive/forum.php?thread_id=6845581&forum_id=36515
http://www.pps.jussieu.fr/~jch/software/polipo/CHANGES.text
Solution :
Upgrade to Polipo 0.9.9 or later.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:C/A:N/I:N/B:C)