HTTP: Barracuda Spam Firewall Directory Traversal
This signature detects attempts to exploit a known vulnerability in Barracuda Spam Firewall versions 3.1.17 and below. An unprivileged attacker can use a directory traversal attack against a vulnerable CGI script to verify file existence, access file contents, and delete files on a Barracuda Spam Firewall system. Patches are available.
Extended Description
Barracuda Spam Firewall is prone to a directory traversal vulnerability. This issue affects the Web interface of the appliance. Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. Information obtained through this attack may aid in further attacks against the underlying system. Barracuda Spam Firewall firmware 3.1.17 and prior versions are affected by this issue.
Affected Products
Barracuda_networks barracuda_spam_firewall
Short Name
HTTP:DIR:BARRACUDA-DIRTRAV
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Barracuda CVE-2005-2847 CVE-2005-2848 Directory Firewall Spam Traversal bid:14710 bid:14712
Release Date
11/07/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Barracuda_networks
CVSS Score
7.5
5.0