| VID | 21178 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The web server hosts the ftp.pl CGI script, which lists directory contents to remote clients. For example, a request such as http://target/cgi-bin/ftp/ftp.pl?dir=../../../../../../etc returns the file listing of the "/etc" directory. |
| Recommendation | Remove the ftp.pl file from the /cgi-bin directory. ※ Refer to http://www.feartech.com/vv/ftp.shtml for the patch. |
| Related URL | CVE-2000-0674 (CVE) |
| Related URL | 1471 (SecurityFocus) |
| Related URL | 5187 (ISS) |
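
To check whether the request pattern described above has already reached a server, the following added example (not part of the original advisory or of ftp.pl) scans access logs for ftp.pl requests whose dir parameter climbs above its starting directory. The Common Log Format layout, the sample log lines and all function names are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (Common Log Format); not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /cgi-bin/ftp/ftp.pl?dir=pub/docs HTTP/1.0" 200 512
192.0.2.11 - - [01/Jan/2001:10:00:05 +0000] "GET /cgi-bin/ftp/ftp.pl?dir=../../../../../../etc HTTP/1.0" 200 2048
192.0.2.12 - - [01/Jan/2001:10:00:09 +0000] "GET /cgi-bin/ftp/ftp.pl?dir=%2e%2e%2f%2e%2e%2fetc HTTP/1.0" 200 2048
192.0.2.13 - - [01/Jan/2001:10:00:12 +0000] "GET /index.html?dir=../x HTTP/1.0" 200 100
"""
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable, in case a client or proxy re-encoded the value."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(dir_value):
    """True if the dir value, once normalized, climbs above its starting directory."""
    path = fully_decode(dir_value).replace("\\", "/")
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")

def find_traversal_requests(log_text):
    """Return (client, request target, status) for ftp.pl requests with a climbing dir.

    parse_qs decodes the query once; escapes_base handles any further layers.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target, status = m.group(1), int(m.group(2))
        url = urlsplit(target)
        if not url.path.lower().endswith("/ftp.pl"):
            continue
        for value in parse_qs(url.query).get("dir", []):
            if escapes_base(value):
                hits.append((line.split()[0], target, status))
                break
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request that was answered with status 200 is worth reviewing first, since the listing was likely returned to the client.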