Summary
It is possible to read arbitrary files on the remote server by requesting:
GET /cgi-bin/story.pl?next=../../../file_to_read%00
An attacker may use this flaw to read arbitrary files on this server.
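A detection check for the request shown above, as an added example that is not part of the original advisory or of story.pl: it scans access-log entries for story.pl requests whose `next` parameter contains a `..` path segment or a NUL byte, including double-encoded forms. The log format (NCSA/Apache style), the sample entries and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request target inside an NCSA/Apache-style access-log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e, %2500) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_next(target):
    """Return why the 'next' parameter of a story.pl request looks hostile."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/story.pl"):
        return []
    reasons = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        if name != "next":
            continue
        value = decode_fully(raw)
        # A ".." path segment climbs out of the directory the script reads from.
        if ".." in re.split(r"[/\\]", value.replace("\x00", "")):
            reasons.append("path traversal")
        # %00 decodes to a NUL byte, which has no place in a legitimate file name.
        if "\x00" in value:
            reasons.append("null byte")
    return reasons

def scan_log(lines):
    """Return (line_number, reasons) for every log line that matches."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        reasons = suspicious_next(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample entries (documentation addresses, placeholder file name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/story.pl?next=chapter2 HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/story.pl?next=../../../file_to_read%00 HTTP/1.0" 200 1024',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/story.pl?next=%252e%252e%252ffile_to_read%2500 HTTP/1.0" 200 1024',
]
```

Calling `scan_log(SAMPLE_LOG)` flags the second and third entries and leaves the ordinary `next=chapter2` request alone.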
Solution
Upgrade story.pl to the latest version (1.4 or later).
Severity
Classification
- CVE: CVE-2001-0804
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- AN Guestbook Local File Inclusion Vulnerability
- Apache Struts Directory Traversal Vulnerability