iPlanet Directory Server Traversal Arbitrary File Access

medium Nessus Plugin ID 10589

Synopsis

The remote web server is affected by a directory traversal vulnerability.

Description

There is a bug in the remote iPlanet web server that allows a user to read arbitrary files on the remote host.

To exploit this flaw, an attacker needs to prepend '/\../\../' to the file name to read.

Solution

http://www.iplanet.com/downloads/patches/index.html

Plugin Details

Severity: Medium

ID: 10589

File Name: iplanet_dir_serv.nasl

Version: 1.29

Type: remote

Family: Web Servers

Published: 1/8/2001

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/26/2000

Reference Information

CVE: CVE-2000-1075

BID: 1839