HTTP: Cobalt RAQ 4 Configuration Directory Traversal

This signature detects directory traversal attempts against Cobalt RAQ 4 Server Management running on Solaris or Linux. Attackers can gain access to sensitive information from configuration files located in the restricted /admin directory.

Extended Description

RaQ is a server appliance originally developed by Cobalt and now distributed and maintained by Sun Microsystems. Cobalt RaQ appliances have been reported to be vulnerable to a directory traversal attack. Using this attack, a remote user can read sensitive configuration files, such as .htaccess files, which could result in unauthorized access to restricted information. It is unknown whether this attack permits escape from the HTTP root directory.

Affected Products

Cobalt RaQ

References

BugTraq: 4208

CVE: CVE-2002-0347

Short Name
HTTP:COBALT:CONF-DIR-TRAV
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
4 CVE-2002-0347 Cobalt Configuration Directory RAQ Traversal bid:4208
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Sun

Cobalt

CVSS Score

5.0
