HTTP: Multiple Product Web server Information Disclosure

This signature detects attempts to exploit a known vulnerability in Multiple Product. A successful attack can lead to unauthorized information disclosure.

Extended Description

Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.

Affected Products

Cogentdatahub cogent_datahub

References

BugTraq: 49611 49610

CVE: CVE-2009-3646

Short Name
HTTP:INFO-LEAK:MUL-WEB-SERVER
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-3646 CVE-2011-3493 CVE-2011-3500 CVE-2011-3501 CVE-2011-3502 Disclosure Information Multiple Product Web bid:49610 bid:49611 server
Release Date
06/11/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Cogentdatahub

CVSS Score

10.0

5.0

Found a potential security threat?