| VID | 21166 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The 'hsx.cgi' CGI is installed. Hyperseek 2000 Search Engine could allow a remote attacker to traverse directories on the Web server, due to improper filtering in the hsx.cgi script. The hsx.cgi script fails to properly filter strings containing "dot dot" sequences (/../) and "%00" escaped characters from URL requests. A remote attacker can send a specially-crafted URL to traverse directories and view files and directories on the Web server with the privileges of the http daemon (usually root or nobody). |
| Recommendation | No remedy available as of June 2014. Remove it from /cgi-bin. |
| Related URL | CVE-2001-0253 (CVE) |
| Related URL | 2314 (SecurityFocus) |
| Related URL | 6012 (ISS) |