HTTP: Cgit Path Parameter Directory Traversal Information Disclosure

This signature detects directory traversal attempts in HTTP GET or POST requests to the Cgit web application. Successful exploitation could disclose the contents of any file on the target server's file system that is readable by the web server process.

Extended Description

`cgit_clone_objects` in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a `cgit/cgit.cgi/git/objects/?path=../` request.

Affected Products

Cgit_project cgit

Short Name
HTTP:DIR:CVE-2018-14912-INF-DIS
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-14912 Cgit Directory Disclosure Information Parameter Path Traversal
Release Date
09/06/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Cgit_project

Debian

CVSS Score

5.0
