header-logo
Suggest Exploit
vendor:
HTTP Application
by:
Unknown
5.5
CVSS
MEDIUM
Directory Traversal
22
CWE
Product Name: HTTP Application
Affected Version From: HTTP 1.1
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Directory Traversal Vulnerability in HTTP Application

The HTTP application is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files and directories within the context of the webserver. Information harvested may aid in launching further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied input to prevent directory traversal attacks. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files and directories.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/39590/info

The HTTP application is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files and directories within the context of the webserver. Information harvested may aid in launching further attacks.

HTTP 1.1 is vulnerable; other versions may also be affected. 

GET /..\..\\..\..\\..\..\\..\..\\\boot.ini HTTP/1.0

Navigation

Suggest Exploit

Services By CQR