HTTP: Directory Traversal

This protocol anomaly triggers when it detects an HTTP directory traversal attempt, i.e. /../ or /./. This can indicate an attempt to evade an IDS (IDP is not vulnerable). Note that some Web sites refer to directories in a way that looks like a traversal.

Extended Description

An HTTP request that contains a parent directory string could indicate an attempt to perform an unauthorized directory traversal is underway.

Short Name
HTTP:DIR:TRAVERSE-DIRECTORY
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-1999-0229 CVE-2002-0661 CVE-2005-2020 CVE-2008-1145 CVE-2010-2307 CVE-2011-0751 CVE-2011-4878 CVE-2012-0419 CVE-2014-0780 CVE-2014-4249 CVE-2015-2166 CVE-2015-7254 CVE-2016-0709 CVE-2016-0710 CVE-2017-14384 CVE-2018-14007 CVE-2018-18990 CVE-2019-3816 CVE-2024-4956 HTTP bid:106634 bid:2218 bid:46880 bid:49097 bid:5434 bid:68849
Release Date
08/27/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3717
False Positive
Occasionally
CVSS Score

7.5

9.0

7.8

5.0

Found a potential security threat?