Short Name |
HTTP:CGI:CAREY-COMMERCE-DIR-TRV |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Carey Internet commerce.cgi Directory Traversal |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects directory traversal attempts that exploit the commerce.cgi script vulnerability in the Carey Internet Services package. Attackers can send maliciously crafted URLs to the server to read arbitrary files.
It is possible for a remote user to gain read access to directories and files outside the root directory of Carey Internet Services Commerce.cgi. Requesting a specially crafted URL composed of '/../%00' along with the known filename or directory will disclose the requested resource.