Family: CGI abuses --> Category: infos
WebAPP Directory Traversal Vulnerability Scan
Vulnerability Scan Summary : Checks for a directory traversal bug in WebAPP
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI script that is susceptible to
directory traversal attacks.
Description :
The remote version of WebApp fails to filter
directory traversal sequences from the 'viewcat' parameter of the
'index.cgi' script. An unauthenticated attacker can leverage this
issue to read arbitrary files on the remote host with the rights
of the web server process.
See also :
http://marc.theaimsgroup.com/?l=bugtraq&m=109336268002879&w=2
http://cornerstone.web-app.org/cgi-bin/index.cgi?action=downloads&cat=updates
Solution :
Apply the fix provided by the vendor.
Risk factor:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)