| VID | 21170 |
| Severity | 30 |
| Port | 80, … |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The "apexec.pl" CGI is installed. Anaconda Foundation Directory is a search engine that allows Web site operators to integrate content into their own Web site's theme. The apexec.pl script of Anaconda Foundation Directory could allow a remote attacker to traverse directories on the Web server, because the value passed to apexec.pl in the "template" argument is not sufficiently checked. A remote attacker can send an HTTP GET request containing "dot dot" sequences (/../) to traverse directories and gain read access to sensitive files on the Web server with the privileges of the http daemon (usually root or nobody). |
| Recommendation | Anaconda Foundation Directory versions 1.5 and higher are not susceptible to this vulnerability. It is recommended to upgrade to the latest version of Anaconda Foundation Directory. |
| Related URL | CVE-2000-0975 (CVE) |
| Related URL | 2338 (SecurityFocus) |
| Related URL | 5750 (ISS) |
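To check whether a server has already received requests of the kind described above, the following added example (not part of the original advisory or of Anaconda Foundation Directory) scans web access log lines for apexec.pl requests whose "template" value contains a ".." path segment. It goes slightly beyond the description by also normalising percent-encoded and double-encoded values; the common/combined log format, the /cgi-bin/ location and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request field of a common/combined access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_attempt(log_line):
    """True for an apexec.pl request whose 'template' value has a '..' segment."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    url = urlsplit(m.group("target"))
    if not fully_decode(url.path).lower().endswith("/apexec.pl"):
        return False
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name != "template":
            continue
        # Split on both separators; a bare ".." segment means directory traversal.
        if ".." in re.split(r"[\\/]", fully_decode(value)):
            return True
    return False

def flag_lines(lines):
    """Return the indexes of the log lines that should be reviewed."""
    return [i for i, line in enumerate(lines) if is_traversal_attempt(line)]

# Constructed sample log lines (documentation IP range, placeholder file paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /cgi-bin/apexec.pl?template=default.html HTTP/1.0" 200 5120',
    '192.0.2.77 - - [01/Jan/2001:10:00:05 +0000] "GET /cgi-bin/apexec.pl?template=../../../../path/to/file HTTP/1.0" 200 312',
    '192.0.2.77 - - [01/Jan/2001:10:00:06 +0000] "GET /cgi-bin/apexec.pl?template=%252e%252e%252fpath%252fto%252ffile HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Jan/2001:10:00:09 +0000] "GET /index.html?template=../x HTTP/1.0" 200 100',
    '192.0.2.10 - - [01/Jan/2001:10:00:12 +0000] "GET /cgi-bin/apexec.pl?template=default..html HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    for i in flag_lines(SAMPLE_LOG):
        print("review:", SAMPLE_LOG[i])
```

A flagged line with a 200 status deserves closer review than one with a 4xx status, since the response size may indicate that file contents were returned.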