Detections
Analytics

J Walk Application Server Encoded Directory Traversal Arbitrary File Access

medium Nessus Plugin ID 11467

Language:

Synopsis

A web application on the remote host has a directory traversal vulnerability.

Description

The version of J Walk running on the remote host has a directory traversal vulnerability. It is possible to read arbitrary files by prepending '.%252e/.%2523' to a filename. A remote attacker could exploit this to read sensitive information that might be used to mount further attacks.

Solution

Upgrade to J Walk 3.3c4 or later.

See Also

https://seclists.org/bugtraq/2003/Mar/348

Plugin Details

Severity: Medium

ID: 11467

File Name: jwalk_traversal.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 3/25/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2003-1529

Vulnerability Information

CPE: cpe:/a:seagull_software_systems:j_walk_application_server

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/20/2003

Reference Information

CVE: CVE-2003-1529

BID: 7160

CWE: 22

SECUNIA: 8411