|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> CGI abuses >> ht://Dig's htsearch potential exposure/dos Vulnerability Assessment Details
|
ht://Dig's htsearch potential exposure/dos |
||
|
htsearch?-c/nonexistent Detailed Explanation for this Vulnerability Assessment The remote CGI htsearch permits the user to supply his own configuration file using the '-c' switch, as in : /cgi-bin/htsearch?-c/some/config/file This file is not displayed by htsearch. However, if an attacker manages to upload a configuration file to the remote server, it may make htsearch read arbitrary files on the remote host. A possible hacker may also use this flaw to exhaust the resources on the remote host by specifying /dev/zero as a configuration file. Solution: Upgrade to ht://Dig 3.1.6 or newer (http://www.htdig.org/files/snapshots/) Network Security Threat Level: High Networks Security ID: 3410 Vulnerability Assessment Copyright: Copyright (C) 2001 Renaud Deraison |
||
|
Switch Components, Memory |
|
||
|
No Discussions have been posted on this vulnerability. |