| VID |
22100 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
ICQ is a popular and freely available Internet chat system produced by Mirabilis. The ICQ Webserver allows remote attackers to access arbitrary files outside of the user's personal directory.
Example:
http://victim.com/.html/............/config.sys
* References:
http://www.iss.net/security_center/static/2085.php
http://archives.neohapsis.com/archives/bugtraq/1999_2/0028.html |
| Recommendation |
Disable the personal web server within ICQ until Mirabilis can offer a fixed version. |
| Related URL |
CVE-1999-0474 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
