Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> Interactive Story Directory Traversal Vulnerability


Vulnerability Assessment Details

Interactive Story Directory Traversal Vulnerability

Vulnerability Assessment Summary
Searches for the existence of /cgi-bin/story.pl

Detailed Explanation for this Vulnerability Assessment
It is possible to read arbitrary files on
the remote server by requesting :

GET /cgi-bin/story.pl?next=../../../file_to_read%00

A possible hacker may use this flaw to read arbitrary files on
this server.

Solution: Upgrade story.pl to the latest version (1.4 or later).
Network Security Threat Level: High

Networks Security ID: 3028

Vulnerability Assessment Copyright: This script is Copyright (C) 2001 Alert4Web.com

Cables, Connectors

Intel Xeon Silver 4109T SR3GP 8-Core 2.00GHz 11MB L3 FCLGA3647 PROCESSOR #HR5341
$349.99
Intel Xeon Silver 4109T SR3GP 8-Core 2.00GHz 11MB L3 FCLGA3647 PROCESSOR #HR5341 pictureIntel Xeon Silver 4109T SR3GP 8-Core 2.00GHz 11MB L3 FCLGA3647 PROCESSOR #HR5353
$325.0
Intel Xeon Silver 4109T SR3GP 8-Core 2.00GHz 11MB L3 FCLGA3647 PROCESSOR #HR5353 pictureIntel Xeon E5-2640v3 SR205 8-Core 2.60GHz 8.00GT/s QPI 20MB FCLGA2011-3 #HR5307
$245.0
Intel Xeon E5-2640v3 SR205 8-Core 2.60GHz 8.00GT/s QPI 20MB FCLGA2011-3 #HR5307 pictureIntel Xeon E7-8890v3 SR21V 8-Core 2.50GHz 9.60GT/s QPI 45MB Last Level LGA2011
$499.99
Intel Xeon E7-8890v3 SR21V 8-Core 2.50GHz 9.60GT/s QPI 45MB Last Level LGA2011 picture


Discussions

No Discussions have been posted on this vulnerability.