Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbNeme-dhcEDB-ID:20797
HistoryApr 24, 2001 - 12:00 a.m.

Perl Web Server 0.x - Directory Traversal

2001-04-2400:00:00
neme-dhc
www.exploit-db.com
18

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/2648/info

Perl Web Server, an experimental cross-platform web server project, does not prevent a remote user from requesting documents outside the ServerRoot (location of the virtual / directory).

This means that if an attacker knows the location of a sensitive file relative to the ServerRoot, he can retrieve the contents of the file by making an HTTP request containing the relative path. 

o retrieve /etc/password from a vulnerable host, request:

http://www.server.com/../../../../etc/passwd

The number of ../ path characters will depend on the ServerRoot (location of the virtual / directory) setting.

Related

cvelist 1
nvd 1
cve 1
cvelist
cvelist
CVE-2001-0462
2001-09-18 04:00:00
nvd
nvd
CVE-2001-0462
2001-06-27 04:00:00
cve
cve
CVE-2001-0462
2001-09-18 04:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:20797
cvelist1nvd1cve1