| Field | Value |
|---|---|
| VID | 21156 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The "webspirs.cgi" CGI is installed. WebSPIRS is a CGI script used to search SilverPlatter's Electronic Reference databases over the Internet. All versions of WebSPIRS could allow a remote attacker to traverse directories on the Web server, due to insufficient validation of user input. A remote attacker can submit a specially crafted URL containing "dot dot" sequences (/../) followed by the directory path and a known file name to traverse directories and view any known file on the system with the privileges of the http daemon (usually root or nobody). |
| Recommendation | No remedy available as of June 2014. Disable or remove the CGI. |
| Related URL | CVE-2001-0211 (CVE) |
| Related URL | 2362 (SecurityFocus) |
| Related URL | 6101 (ISS) |