Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:3131 |
Message | WEB-CGI mailman directory traversal attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in GNU Mailman. |
Impact | Information disclosure. |
Detailed Information | GNU Mailman is used to manage mailing lists. It is written in Python and is available on a variety of platforms. GNU Mailman when used with webservers that do not remove extra slashes from URLs, is prone to a directory traversal attack that may allow an attacker access to sensitive files on an affected system. |
Affected Systems | GNU Mailman in conjunction with Apache 1.3.x |
Attack Scenarios | An attacker can supply extra slashes and dots (....///) to a URL to escape the web root and access other parts of the host filesystem. |
Ease of Attack | Simple. Exploit software is not required. |
Corrective Action | Apply the appropriate vendor supplied patches. |
Additional References | |
Rule References | cve: 2005-0202 |
--
DID:679421
--
http://www.aanval.com/