Family: CGI abuses --> Category: infos
SAP Internet Graphics Server Directory Traversal Vulnerability: Vulnerability Scan
Vulnerability Scan Summary: Attempts to read /etc/passwd
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is subject to a directory traversal attack.
Description :
It is possible to read arbitrary files on the remote host with the
rights of the web server process by making a request such as :
GET /htdocs/../../../../../../etc/passwd
See also :
http://www.corsaire.com/advisories/c050503-001.txt
http://archives.neohapsis.com/archives/bugtraq/2005-07/0413.html
Solution :
Upgrade to SAP IGS version 6.40 Patch 11 or later as that reportedly
addresses the issue.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)