| Field | Value |
|---|---|
| Short Name | HTTP:DIR:CVE-2018-14912-INF-DIS |
| Severity | Minor |
| Recommended | Yes |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | Cgit Path Parameter Directory Traversal Information Disclosure |
| Release Date | 2018/09/06 |
| Update Number | 3097 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects directory traversal attempts in HTTP GET or POST requests to the Cgit web application. Successful exploitation could disclose the contents of arbitrary files on the target server's file system that are readable by the web server process.

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
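A log-side check for the request shape described above, as an added example; it is not the signature's own logic or code from the Cgit project. The function names, the decode bound, the rule that the endpoint is recognised by a URL path ending in `/objects`, and the sample requests are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_DECODE_ROUNDS = 3  # assumption: how many layers of percent-encoding to unwrap


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly so double-encoded input (%252e) is seen as '.'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_base(rel_path: str) -> bool:
    """True if rel_path climbs above the directory it is resolved against."""
    depth = 0
    for segment in rel_path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def is_cgit_objects_traversal(method: str, target: str, body: str = "") -> bool:
    """Flag a request to a .../objects/ endpoint whose 'path' parameter escapes it."""
    parts = urlsplit(target)
    if not fully_decode(parts.path).rstrip("/").endswith("/objects"):
        return False
    params = parse_qsl(parts.query, keep_blank_values=True)
    if method.upper() == "POST":  # form-encoded body carries parameters too
        params += parse_qsl(body, keep_blank_values=True)
    return any(name == "path" and escapes_base(fully_decode(value))
               for name, value in params)


# Constructed sample requests: (method, request target, body)
SAMPLES = [
    ("GET", "/cgit/cgit.cgi/git/objects/?path=../", ""),
    ("GET", "/cgit/cgit.cgi/git/objects/?path=%252e%252e%2f", ""),
    ("GET", "/cgit/cgit.cgi/git/objects/?path=info/../pack/x.idx", ""),
    ("POST", "/cgit/cgit.cgi/git/objects/", "path=../../x"),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        print(method, target, is_cgit_objects_traversal(method, target, body))
```

Counting directory depth rather than matching the string `..` keeps a path such as `info/../pack/x.idx`, which stays inside the objects directory, from being flagged.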