HTTP: Directory Traversal in HTTP Request

This signature detects attempts to exploit a known flaw through HTTP request headers. A successful exploit can result in directory traversal.

Extended Description

CGI::Session is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. CGI::Session 3.94, 3.95, and 4.33 are vulnerable; other versions may also be affected.

Affected Products

Freestyle_wiki fswiki

References

BugTraq: 11190 30267 28278 99169 51174

CVE: CVE-2024-0800

URL:
http://vuln.sg/cgisession433-en.html
https://success.trendmicro.com/solution/1119811
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03128469
http://support.lexmark.com/index?page=content&id=TE666&locale=EN&userlocale=EN_US
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-upload-KtCK8Ugz
https://www.vmware.com/security/advisories/VMSA-2023-0018.html
http://www.zerodayinitiative.com/advisories/ZDI-23-718/
http://www.securityfocus.com/archive/1/540783/30/0/threaded
https://success.trendmicro.com/solution/000245571
http://www.zerodayinitiative.com/advisories/ZDI-23-717/
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332
http://www.zerodayinitiative.com/advisories/zdi-14-410/
http://support.lexmark.com/index?page=content&id=te666&locale=en&userlocale=en_u
http://www.zerodayinitiative.com/advisories/zdi-18-469/
http://www.zerodayinitiative.com/advisories/zdi-13-280/
http://www.zerodayinitiative.com/advisories/zdi-13-279/
http://securitytracker.com/id?1030385
http://www.zerodayinitiative.com/advisories/zdi-14-195/
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c04333125
http://www.zerodayinitiative.com/advisories/zdi-16-039/
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.zerodayinitiative.com/advisories/zdi-15-151/
https://www.novell.com/support/kb/doc.php?id=7016431
https://www.novell.com/support/kb/doc.php?id=7017428
https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix
http://www.zerodayinitiative.com/advisories/zdi-17-164/
https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03715en_us
http://www.zerodayinitiative.com/advisories/zdi-17-049/
https://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-012.pdf
https://support.arcserve.com/s/article/Arcserve-UDP-9-2-Is-Now-Available?language=en_U
https://www.tenable.com/security/research/tra-2023-37
https://support.arcserve.com/s/article/P00003050?language=en_U
https://www.tenable.com/security/research/tra-2024-07

Short Name
HTTP:DIR:HTTP-REQUEST-HDR
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2004-0959 CVE-2008-1000 CVE-2011-4166 CVE-2013-6221 CVE-2013-6810 CVE-2014-2314 CVE-2014-6036 CVE-2014-8741 CVE-2015-0781 CVE-2015-1830 CVE-2016-0490 CVE-2016-1593 CVE-2016-8204 CVE-2017-16603 CVE-2017-4997 CVE-2017-5794 CVE-2018-10357 CVE-2019-2618 CVE-2020-8599 CVE-2021-1499 CVE-2022-26352 CVE-2023-20890 CVE-2023-32166 CVE-2023-32167 CVE-2023-42000 CVE-2024-0800 Directory HTTP Request Traversal bid:11190 bid:28278 bid:30267 bid:51174 bid:99169 in
Release Date
08/08/2008
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3700
False Positive
Unknown
Vendors

Sherzod_ruzmetov

Freestyle_wiki

CVSS Score

7.5

6.5

4.3

6.4

8.5

9.0

10.0

5.5

2.1

5.0
