BRS WebWeaver Directory Traversal Vulnerability

Bugtraq ID: 2675
Class: Input Validation Error
CVE: CVE-2001-0453
Remote: Yes
Local: No
Published: Apr 28 2001 12:00AM
Updated: Jul 11 2009 06:06AM
Credit: (courtesy joetesta@hushmail.com): Solution: The web server root traversal vulnerabilities can be prevented by removing all user-defined aliases (ie: 'syshelp', 'sysimages') as well as the ISAPI/CGI alias (ie: 'scripts').
Vulnerable: BRS WebWeaver 0.62 beta
BRS WebWeaver 0.61 beta
BRS WebWeaver 0.60 beta
BRS WebWeaver 0.52 beta
BRS WebWeaver 0.51 beta
BRS WebWeaver 0.50 beta
BRS WebWeaver 0.49 beta
Not Vulnerable: BRS WebWeaver 0.63 beta


 

Privacy Statement
Copyright 2010, SecurityFocus