HTTP: Sojourn File View Disclosure
This signature detects attempts to exploit a known vulnerability in sojourn.cgi. Attackers can view arbitrary files on a Web server.
Extended Description
Any file that the webserver has read access to can be read on a server running the Sojourn search engine. The Sojourn software includes the ability to organize a website into categories. These categories can then be accessed via the sojourn.cgi Perl script. This is done by making a request for a URL like: http ://target/cgi-bin/sojourn.cgi?cat=categoryname Each category has an associated .txt file based on the category name. The program appends the .txt extension onto the contents of the 'cat' variable. However, the program will accept and follow the '../' string in the variable contents, allowing read access to any .txt file the webserver can read. This restriction can be bypassed by appending %00 to the end of the requested file, which will prevent the .txt extension from being used in the filename.
Affected Products
Generation_terrorists_designs_&_concepts sojourn
Short Name
HTTP:CGI:SOJOURN-FILE-VIEW
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2000-0180 Disclosure File Sojourn View bid:1052
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Generation_terrorists_designs_&_concepts
CVSS Score
5.0