| VID | 21256 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The Hosting Controller application contains a directory traversal vulnerability. Hosting Controller is an automated administrative hosting tool for Microsoft Windows NT and Windows 2000 servers. Multiple security vulnerabilities in Hosting Controller versions 1.4.1 and earlier could allow a remote attacker to display arbitrary directories and files on the affected Web server. By appending 'filepath=driveletter:\' to a web request, an attacker can break out of the Web root and browse the filesystem of the Web server. References: http://archives.neohapsis.com/archives/bugtraq/2002-01/0039.html, http://archives.neohapsis.com/archives/bugtraq/2002-05/0168.html. Platforms Affected: Hosting Controller 1.4.1 and earlier; Microsoft Windows (any version). |
| Recommendation | Apply the appropriate patches and security hot fixes for the 1.x version, available from http://hostingcontroller.com/english/sp/index1Xversion.html |
| Related URL | CVE-2002-0466, CVE-2002-0775 (CVE) |
| Related URL | 3808 (SecurityFocus) |
| Related URL | 7823 (ISS) |
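
A log check for the request pattern described above, as an added example that is not part of the original advisory: it flags requests whose `filepath` query parameter decodes to a Windows drive-letter path. The log lines, the `/example/browse.asp` path and the function names are constructed for illustration and are not Hosting Controller's real script names.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (Common Log Format); hosts and paths are made up.
SAMPLE_LOG = r'''
192.0.2.10 - - [10/Jan/2002:10:00:01 +0000] "GET /example/browse.asp?filepath=C:\ HTTP/1.0" 200 512
192.0.2.11 - - [10/Jan/2002:10:00:05 +0000] "GET /example/browse.asp?FilePath=d%3A%5Cinetpub HTTP/1.0" 200 734
192.0.2.12 - - [10/Jan/2002:10:00:09 +0000] "GET /example/browse.asp?filepath=%2563%253A%255C HTTP/1.0" 403 0
192.0.2.13 - - [10/Jan/2002:10:00:12 +0000] "GET /example/browse.asp?filepath=docs/readme.txt HTTP/1.0" 200 120
192.0.2.14 - - [10/Jan/2002:10:00:15 +0000] "GET /index.html?ref=c:news HTTP/1.0" 200 90
'''.strip().splitlines()

# Client address, request target and status code of one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
# A value that starts with a drive letter and colon, alone or followed by a separator.
DRIVE_RE = re.compile(r'^[A-Za-z]:(?:[\\/]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encoding does not hide the value."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def absolute_filepath_hits(lines):
    """Return (client, status, decoded value) for each drive-letter 'filepath' request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        # parse_qsl already decodes once; fully_decode handles further layers.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(value)
            if name.lower() == "filepath" and DRIVE_RE.match(value):
                hits.append((client, status, value))
    return hits


if __name__ == "__main__":
    for client, status, value in absolute_filepath_hits(SAMPLE_LOG):
        print(f"{client} status={status} filepath={value!r}")
```

The status code in each hit helps triage: a 200 on an unpatched 1.x host suggests the listing was served, while a 403 or 404 suggests the request was refused.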