| VID |
210154 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
Web server on the host system is vulnerable to main file downloading.
There is a vulnerability that attacker can download main files included in the web server with script. If cgi, jsp, php, php3 programs that download files on the web site does not check download path properly, attackers can open or download main files on the web server through main file name with arbitrary character(../.. etc)
* Platforms Affected:
Any HTTP server Any version
Any operating system Any version |
| Recommendation |
Take the following steps:
1. Limit directories that can be downloaded in the program to specific directory and modify the program to prohibit attackers from searching sub-path(..\).
2. Save the download file name in database. And when download is requested, compare the requested file name with the saved file names. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
