Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:DIR:HTTP-REQUEST-HDR |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Directory Traversal in HTTP Request |
Release Date |
2008/08/08 |
Update Number |
1236 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Directory Traversal in HTTP Request
This signature detects attempts to exploit a known flaw in HTTP request headers. A successful attack can result in directory traversal attacks.
Extended Description
CGI::Session is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. CGI::Session 3.94, 3.95, and 4.33 are vulnerable; other versions may also be affected.
Affected Products
- Freestyle_wiki fswiki 3.6.2
- Freestyle_wiki fswiki 3.6.3dev3
- Sherzod_ruzmetov cgi::session 3.94
- Sherzod_ruzmetov cgi::session 3.95
- Sherzod_ruzmetov cgi::session 4.33
References
- BugTraq: 11190
- BugTraq: 28278
- BugTraq: 51174
- BugTraq: 30267
- BugTraq: 99169
- CVE: CVE-2014-8741
- CVE: CVE-2004-0959
- CVE: CVE-2013-6810
- CVE: CVE-2013-6221
- CVE: CVE-2015-0781
- CVE: CVE-2015-1830
- CVE: CVE-2016-0490
- CVE: CVE-2004-0959
- CVE: CVE-2014-2314
- CVE: CVE-2016-8204
- CVE: CVE-2008-1000
- CVE: CVE-2020-8599
- CVE: CVE-2014-6036
- CVE: CVE-2019-2618
- CVE: CVE-2011-4166
- CVE: CVE-2017-4997
- CVE: CVE-2016-1593
- CVE: CVE-2018-10357
- URL: https://success.trendmicro.com/solution/1119811
- URL: http://vuln.sg/cgisession433-en.html
- URL: http://support.lexmark.com/index?page=content&id=TE666&locale=EN&userlocale=EN_US
- URL: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03128469