VID 21179
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description FAQManager.cgi has a directory traversal vulnerability.
FAQManager.cgi is a Perl script for maintaining a FAQ (Frequently Asked Questions) via a web interface. It will run on most Unix/Linux and Microsoft Windows platforms. FAQManager does not properly filter certain types of input from incoming web requests. It is possible to make a specially crafted web request containing '../' sequences to break out of wwwroot and display arbitrary web-readable files.
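
With no fix available, reviewing web server logs for '../' sequences in requests to the script is one way to spot use of this flaw. The following is an added example, not part of the original advisory or of FAQManager: the log lines are constructed, and the `/cgi-bin/` path and the `q` parameter name are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (common log format). The /cgi-bin/ path and
# the "q" parameter are assumptions, not taken from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jun/2014:10:01:02 +0000] "GET /cgi-bin/FAQManager.cgi?q=general HTTP/1.0" 200 5120
192.0.2.44 - - [12/Jun/2014:10:03:17 +0000] "GET /cgi-bin/FAQManager.cgi?q=../../notes.txt HTTP/1.0" 200 734
192.0.2.44 - - [12/Jun/2014:10:03:21 +0000] "GET /cgi-bin/faqmanager.cgi?q=%2e%2e%2fnotes.txt HTTP/1.0" 200 734
192.0.2.44 - - [12/Jun/2014:10:03:25 +0000] "GET /cgi-bin/FAQManager.cgi?q=%252e%252e%255cnotes.txt HTTP/1.0" 404 210
192.0.2.77 - - [12/Jun/2014:10:05:40 +0000] "GET /cgi-bin/FAQManager.cgi?q=intro..v2 HTTP/1.0" 200 88
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# '..' counts only as a whole path segment, so "intro..v2" is not flagged.
TRAVERSAL = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\]|$)')

def normalise(target, max_rounds=3):
    """Percent-decode repeatedly so nested encodings of '../' are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_traversal_requests(log_text, script="faqmanager.cgi"):
    """Return (client, status, decoded_target) for each request to the script
    whose decoded target contains a '..' path segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        target = normalise(m.group(1))
        path = target.split("?", 1)[0]
        if not path.lower().endswith("/" + script):
            continue
        if TRAVERSAL.search(target):
            hits.append((line.split()[0], int(m.group(2)), target))
    return hits

if __name__ == "__main__":
    for client, status, target in find_traversal_requests(SAMPLE_LOG):
        print(client, status, target)
```

A hit answered with status 200 deserves attention first, since the server may have returned a file from outside wwwroot.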

Vulnerable versions:
FAQManager FAQManager.cgi 2.0
FAQManager FAQManager.cgi 2.1
FAQManager FAQManager.cgi 2.1.1
FAQManager FAQManager.cgi 2.1.2
FAQManager FAQManager.cgi 2.2
FAQManager FAQManager.cgi 2.2.1
FAQManager FAQManager.cgi 2.2.2
FAQManager FAQManager.cgi 2.2.3
FAQManager FAQManager.cgi 2.2.4
FAQManager FAQManager.cgi 2.2.5
FAQManager FAQManager.cgi 2.2.6
Recommendation No remedy available as of June 2014. Disable the service in addition to any patches applied.
Related URL (CVE)
Related URL 3812 (SecurityFocus)
Related URL 7834 (ISS)