BRS WebWeaver Directory Traversal Vulnerability
Bugtraq ID: 2675
Class: Input Validation Error
CVE: CVE-2001-0453
Remote: Yes
Local: No
Published: Apr 28 2001 12:00AM
Updated: Jul 11 2009 06:06AM
Credit:
(courtesy joetesta@hushmail.com):
Solution:
The web server root traversal vulnerabilities can be prevented by removing all user-defined aliases (ie: 'syshelp', 'sysimages') as well as the ISAPI/CGI alias (ie: 'scripts').
Vulnerable:
BRS WebWeaver 0.62 beta
BRS WebWeaver 0.61 beta
BRS WebWeaver 0.60 beta
BRS WebWeaver 0.52 beta
BRS WebWeaver 0.51 beta
BRS WebWeaver 0.50 beta
BRS WebWeaver 0.49 beta

Not Vulnerable:
BRS WebWeaver 0.63 beta