Detections
Analytics

WebAPP Directory Traversal

medium Nessus Plugin ID 14365

Language:

Synopsis

The remote web server contains a CGI script that is susceptible to directory traversal attacks.

Description

There is a flaw in the remote version of WebApp fails to filter directory traversal sequences from the 'viewcat' parameter of the 'index.cgi' script. An unauthenticated attacker can leverage this issue to read arbitrary files on the remote host with the privileges of the web server process.

Solution

Apply the fix provided by the vendor.

See Also

http://cornerstone.web-app.org/cgi-bin/index.cgi?action=downloads&cat=updates

https://marc.info/?l=bugtraq&m=109336268002879&w=2

Plugin Details

Severity: Medium

ID: 14365

File Name: webapp_dir_traversal.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 8/24/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 8/24/2004

Reference Information

CVE: CVE-2004-1742

BID: 11028