BiblioWeb Server Directory Traversal Vulnerability
BID:2373
Info
| Bugtraq ID: | 2373 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Feb 05 2001 12:00AM |
| Updated: | Feb 05 2001 12:00AM |
| Credit: | Reported to bugtraq by [email protected] on 5 Feb, 2001 |
| Vulnerable: | BiblioScape BiblioWeb Server 2.0 |
| Not Vulnerable: | |
Discussion
BiblioWeb Server 2.0 is susceptible to directory traversal attacks.
By inserting '/../' sequences into requests submitted via HTTP, a user can access files outside the webserver's directory tree in the host's filesystem.
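The input validation error described above, shown as an added example that is not part of the advisory and not BiblioWeb code: a request-path join with no containment check, next to a resolver that decodes, canonicalizes and then verifies the result is still under the document root. The document root, function names and sample requests are constructed assumptions.

```python
import os
from urllib.parse import unquote

DOCROOT = "/srv/biblioweb/htdocs"  # assumed document root, not from the advisory

def naive_resolve(docroot, url_path):
    """Flawed pattern: join the request path to the docroot and normalize,
    without checking that the result is still inside the docroot."""
    return os.path.normpath(docroot + "/" + unquote(url_path))

def safe_resolve(docroot, url_path):
    """Return the absolute path to serve, or None if the request leaves docroot."""
    decoded = unquote(url_path.split("?", 1)[0])   # drop query, decode %xx once
    if "\x00" in decoded:                          # reject embedded NUL bytes
        return None
    decoded = decoded.replace("\\", "/")           # backslash is a separator on Windows
    root = os.path.realpath(docroot)
    # Canonicalize first ('..' and symlinks resolved), then test containment.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:                             # e.g. different drives on Windows
        inside = False
    return candidate if inside else None

# Constructed sample requests (not taken from the advisory).
SAMPLES = [
    "/index.html",                 # ordinary request
    "/docs/../index.html",         # contains '..' but stays inside the docroot
    "/../config/users.db",         # climbs one level above the docroot
    "/%2e%2e/config/users.db",     # same request with percent-encoded dots
    "/..\\config\\users.db",       # same request with backslash separators
    "/../htdocs-backup/site.zip",  # sibling directory sharing the docroot prefix
]

def audit(samples, docroot=DOCROOT):
    """Map each sample request to True (served) or False (rejected)."""
    return {s: safe_resolve(docroot, s) is not None for s in samples}

if __name__ == "__main__":
    for request, allowed in audit(SAMPLES).items():
        print(("ALLOW " if allowed else "REJECT"), request)
```

The containment test uses `os.path.commonpath` rather than a string prefix comparison, which is why the `htdocs-backup` sibling directory is rejected even though its path begins with the document root string.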
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].