Fastraq Mailtraq 1.1.4 Multiple Path Vulnerabilities
BID:1278
Info
Fastraq Mailtraq 1.1.4 Multiple Path Vulnerabilities
| Bugtraq ID: | 1278 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2000 12:00AM |
| Updated: | Mar 22 2000 12:00AM |
| Credit: | Discovered by Slash <[email protected]> and publicized in a buffer0verfl0w security advisory (#1) on March 22, 2000. |
| Vulnerable: |
Fastraq Mailtraq 1.1.4 |
| Not Vulnerable: |
Fastraq Mailtraq 1.1.5 |
Discussion
Fastraq Mailtraq 1.1.4 Multiple Path Vulnerabilities
A remote user may browse any known directory on a host running Fastraq Mailtraq 1.1.4 by making a URL request that includes the '../' string.
In addition, requesting a URL appended with "../" and an unusually long character string will return an error message disclosing the full path of the Mailtraq installation directory.
A remote user may browse any known directory on a host running Fastraq Mailtraq 1.1.4 by making a URL request that includes the '../' string.
In addition, requesting a URL appended with "../" and an unusually long character string will return an error message disclosing the full path of the Mailtraq installation directory.