VID: 22385
Severity: 30
Port: 8080, ...
Protocol: TCP
Class: WWW
Detailed Description: The Polipo caching web proxy permits access to files outside the web root. Polipo is a caching web proxy for Mac OS X and Linux-based operating systems. The built-in web server in Polipo version 0.9.8 and earlier could allow a remote attacker to read files located outside the local web root. A remote attacker could exploit this flaw to view arbitrary files outside the web root directory with the privileges of the web service.

* References:
http://sourceforge.net/mailarchive/forum.php?thread_id=6845581&forum_id=36515
http://www.pps.jussieu.fr/~jch/software/polipo/CHANGES.text
http://secunia.com/advisories/16978/

* Platforms Affected:
Juliusz Chroboczek, Polipo version 0.9.8 and earlier versions
Apple Mac OS X Any version
Linux Any version
Recommendation: Upgrade to the latest version of Polipo (0.9.9 or later), available from the Polipo Web site at http://www.pps.jussieu.fr/~jch/software/polipo/
Related URL: CVE-2005-3163 (CVE)
Related URL: 14970 (SecurityFocus)
Related URL: 22444 (ISS)