HTTP: Carey Internet commerce.cgi Directory Traversal

This signature detects directory traversal attempts that exploit the commerce.cgi script vulnerability in the Carey Internet Services package. Attackers can send maliciously crafted URLs to the server to read arbitrary files.

Extended Description

It is possible for a remote user to gain read access to directories and files outside the root directory of Carey Internet Services Commerce.cgi. Requesting a specially crafted URL composed of '/../%00' along with the known filename or directory will disclose the requested resource.
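The check below is an added example, not the signature's own logic or vendor code: it flags web-server log lines where a request to commerce.cgi carries both a '..' path segment and a NUL byte in its query string, the combination described above. It goes slightly beyond the description by also unwrapping nested percent-encoding; the log format, the `item` parameter name, the addresses and the `FILENAME` placeholder are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A '..' that stands alone as a path segment (not dots inside a file name)
DOTDOT_RE = re.compile(rb'(?:^|[/\\=])\.\.(?:[/\\]|\x00|$)')

# Constructed sample log lines; 'item' and FILENAME are hypothetical placeholders.
SAMPLE_LINES = [
    '192.0.2.10 - - [22/Apr/2003:10:00:00 +0000] "GET /cgi-bin/commerce.cgi?item=/../%00FILENAME HTTP/1.0" 200 512',
    '192.0.2.11 - - [22/Apr/2003:10:00:05 +0000] "GET /cgi-bin/Commerce.cgi?item=%252e%252e%252f%2500FILENAME HTTP/1.0" 200 512',
    '192.0.2.12 - - [22/Apr/2003:10:00:09 +0000] "GET /cgi-bin/commerce.cgi?item=v1..2.html HTTP/1.0" 200 2048',
    '192.0.2.13 - - [22/Apr/2003:10:00:12 +0000] "GET /cgi-bin/other.cgi?item=/../%00FILENAME HTTP/1.0" 404 0',
]

def fully_decode(raw: str, max_rounds: int = 3) -> bytes:
    """Percent-decode repeatedly so %252e%252e and %2500 are normalised too."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def classify(log_line: str) -> str:
    """Return 'traversal+nul', 'traversal', 'nul' or 'clean' for one log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return "clean"
    target = urlsplit(m.group(1))
    if not fully_decode(target.path).lower().endswith(b"/commerce.cgi"):
        return "clean"  # only the script this signature covers is in scope
    query = fully_decode(target.query)
    has_dotdot = bool(DOTDOT_RE.search(query))
    has_nul = b"\x00" in query
    if has_dotdot and has_nul:
        return "traversal+nul"
    return "traversal" if has_dotdot else "nul" if has_nul else "clean"

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(classify(line), "|", line.split('"')[1])
```

A 'traversal+nul' result on a line with a 200 status is the case worth triaging first, since it suggests the server returned content for the request.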

Affected Products

Carey_internet_services commerce.cgi

References

BugTraq: 2361

CVE: CVE-2001-0210

Short Name
HTTP:CGI:CAREY-COMMERCE-DIR-TRV
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2001-0210 Carey Directory Internet Traversal bid:2361 commerce.cgi
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Carey_internet_services

CVSS Score

5.0
