Vendor: rdiffWeb
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: rdiffWeb
Affected Version From: 2000.3.5
Affected Version To: 2000.3.5
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2007

rdiffWeb Directory Traversal Vulnerability

rdiffWeb is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.

Mitigation:

Input should be validated and filtered to prevent directory traversal attacks.
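
One way to apply this mitigation, shown as an added example (not rdiffWeb's code and not part of the original advisory): the unchecked join that produces this class of bug, next to a resolver that canonicalizes the path and checks it is still inside the repository root. The names `naive_resolve`, `safe_resolve` and `TraversalError` and the directory layout are assumptions; the query string is the one from the request on this page.

```python
import os
from urllib.parse import parse_qs

# Query string from the request shown on this page.
SAMPLE_QUERY = "repo=b&path=..%2F..%2F..%2Fetc"


class TraversalError(ValueError):
    """The requested path resolves outside the repository root."""


def naive_resolve(repo_root, user_path):
    # CWE-22 pattern: the decoded value is joined to the root and used as-is,
    # so "../" segments walk out of the repository directory.
    return os.path.normpath(os.path.join(repo_root, user_path))


def safe_resolve(repo_root, user_path):
    """Return the real path for user_path, or raise if it leaves repo_root."""
    if "\x00" in user_path:
        raise TraversalError("NUL byte in path")
    root = os.path.realpath(repo_root)
    # Strip leading separators so an absolute "/etc" cannot replace the root
    # in os.path.join; it is treated as relative to the repository instead.
    candidate = os.path.realpath(os.path.join(root, user_path.lstrip("/\\")))
    # realpath resolves ".." and symlinks before the containment check, so a
    # link inside the repository that points outside it is rejected as well.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError("path escapes repository root: %r" % user_path)
    return candidate


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "backups", "b")   # constructed sample layout
        os.makedirs(os.path.join(root, "docs"))
        path = parse_qs(SAMPLE_QUERY)["path"][0]   # decoded once: "../../../etc"
        print("naive:", naive_resolve(root, path))
        for value in ("docs", path):
            try:
                print("safe :", safe_resolve(root, value))
            except TraversalError as exc:
                print("safe : rejected,", exc)
```

The check runs on the value after the framework has URL-decoded it once; decoding again inside the resolver would reintroduce double-encoding bypasses.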

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24092/info

This issue affects rdiffWeb 0.3.5; other versions may also be affected. 

http://localhost:8080/browse/?repo=b&path=..%2F..%2F..%2Fetc