Http Explorer Request Handling Directory Traversal and File Disclosure Vulnerability


Description   A vulnerability has been identified in Http Explorer, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This flaw is due to an input validation error when processing malformed HTTP requests, which could be exploited by remote attackers to access and read the contents of arbitrary files.
     
Vulnerable Products   Vulnerable Software:
Http explorer version 1.02 and prior
     
Solution  
     
CVE   CVE-2006-6758
     
References  
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Misc : Directory traversal - parameter starting with ../
3.2.0
Directory traversal using ..\..
3.2.0
Directory traversal
3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2006-12-22 

 Target Type 
Server 

 Possible exploit 
Local & Remote