CGI_APACHE2.0.39_TRAVERSAL_EXPLOIT
Schweregrad:: Hoch
Hinweisdatum: 04 Februar 2011
Beschreibung
A vulnerability in the default installation of Apache HTTP Server could allow a remote attacker to traverse directories on the Web server and view and execute files. A remote attacker could create a specially-crafted URL request containing hexadecimal URL encoded "backslash dot dot" sequences (in the form of 5c%2e%2e%5c) to traverse directories and view arbitrary files and directories on the Web server. An attacker could use this vulnerability to execute commands on the system by traversing to the /cgi-bin/ directory.
Trend Micro Lösungen
Download the latest NVW pattern file from this site:
http://www.trendmicro.com/download/product.asp?productid=45
Betroffene Software und Version:
- Apache web server version 2.0.39 and previous 2.0.x (Windows/Netware/OS2)