HTTP: AltaVista Search Engine Directory Traversal

This signature detects attempts to exploit a known vulnerability in the AltaVista Search engine. The search engine sets up a Web server at port 9000 that listens for search queries. The search function accepts a single "../" string in the query, providing access to the parent, or "http" directory. This directory typically contains administrative documents that can include the password for the remote administration utility, which is base-64 encoded. Attackers can send multiple "../" strings in hex code (for example, "%2e%2e%2f") in a query to access the remote administration utility password and gain full remote administration abilities.

Extended Description

The AltaVista Search engine sets up a webserver at port 9000 to listen for search queries. The main search function will accept a single '../' string in the query, providing access to all documents in the 'http' directory one level up. These documents contain various administrative information, including the password for the remote administration utility. The password is base-64 encoded, and can be easily restored to plaintext to give an attacker full remote administration abilities for the search engine. The webserver will accept multiple '../' strings if they are hex encoded, ie '%2e%2e%2f'.

Affected Products

Altavista search_intranet

Short Name
HTTP:CGI:ALTAVISTA-TRAVERSAL
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
AltaVista CVE-2000-0039 Directory Engine Search Traversal bid:896
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Altavista

CVSS Score

5.0

Found a potential security threat?