HTTP: Webster Directory Traversal
This signature detects directory traversal attacks against Webster HTTPd that ships with the MSDN Samples Pack. Attackers can send a maliciously crafted GET request to the host to access files on the system that are available to the Web server daemon.
Extended Description
A file disclosure vulnerability has been discovered in Webster HTTP Server. It has been reported that by passing directory traversal sequences to the vulnerable server, it is possible to access arbitrary files located on the system. Information gained by exploiting this vulnerability may assist attackers in launching further attacks against target systems.
Affected Products
Webster webster_http_server
References
BugTraq: 6291
URL: http://www.securiteam.com/windowsntfocus/6R0030A6AY.html http://www.netdave.com/webster/webster.htm
Short Name
HTTP:WEBSTER:DIR-TRAVERSAL
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Directory Traversal Webster bid:6291
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Webster