header-logo
Suggest Exploit
vendor:
Directory Server
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Directory Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Directory Traversal in Netscape Directory Server

Acquiring access to known files outside of the web root is possible through directory traversal techniques in Netscape Directory Server. This is made possible through the use of "../" in a HTTP request. The following services are affected by this vulnerability: The Agent services server on port 8100/tcp, The End Entity services server on port 443/tcp (Accessible through SSL), The Administrator services server on a random port configured during installation.

Mitigation:

Ensure that the web server is configured to prevent directory traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1839/info
 
 
Acquiring access to known files outside of the web root is possible through directory traversal techniques in Netscape Directory Server. This is made possible through the use of "\../" in a HTTP request. The following services are affected by this vulnerability:
 
- The Agent services server on port 8100/tcp
- The End Entity services server on port 443/tcp (Accessible through SSL)
- The Administrator services server on a random port configured during installation.
 
https://target/ca/\../\../\../\file.ext

Navigation

Suggest Exploit

Services By CQR