source: https://www.securityfocus.com/bid/8883/info
It has been reported that Apache Cocoon may be prone to a directory traversal vulnerability that may allow an attacker to traverse outside the server root directory by using '/./../' character sequences. The issue is caused by insufficient sanitization of user-supplied input to the "filename" parameter in the sample "view-source" script.
This vulnerability may be successfully exploited to gain sensitive information about a vulnerable host that could be used to launch further attacks against the system.
Apache Cocoon versions 2.1 and 2.2 before 22 Oct 2003 have been reported to be affected by this issue; however, other versions may be affected as well.
http://www.example.com:8888/samples/view-source?filename=../../../[existing_file]
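
The containment check that the "filename" handling lacked can be written as below. This is an added example, not code from Apache Cocoon or from the original advisory; the class name SafeSourceResolver, the temporary sample directory and the request strings are constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example: hypothetical resolver for a "view-source"-style handler, not Cocoon code.
public class SafeSourceResolver {
    private final Path root;

    public SafeSourceResolver(Path root) throws IOException {
        this.root = root.toRealPath(); // canonical base directory, symlinks resolved
    }

    /** Resolves a user-supplied filename, refusing anything outside root. */
    public Path resolve(String filename) throws IOException {
        if (filename == null || filename.isEmpty() || filename.indexOf('\0') >= 0) {
            throw new SecurityException("invalid filename");
        }
        // normalize() collapses "." and ".." lexically; an absolute input replaces root entirely.
        Path candidate = root.resolve(filename).normalize();
        // Path.startsWith compares whole name elements, so /srv/samples-old does not match /srv/samples.
        if (!candidate.startsWith(root)) {
            throw new SecurityException("path escapes root: " + filename);
        }
        // Re-check after symlink resolution; throws NoSuchFileException if the file is absent.
        Path real = candidate.toRealPath();
        if (!real.startsWith(root)) {
            throw new SecurityException("symlink escapes root: " + filename);
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("samples"); // constructed sample tree
        Files.write(root.resolve("index.xml"), "<page/>".getBytes());
        SafeSourceResolver resolver = new SafeSourceResolver(root);
        // Constructed requests: two legitimate names, then three that try to leave root.
        String[] requests = {"index.xml", "./index.xml", "../../../outside.txt",
                             "/./../outside.txt", "sub/../../index.xml"};
        for (String name : requests) {
            try {
                System.out.println("ALLOW " + name + " -> " + resolver.resolve(name));
            } catch (SecurityException | IOException e) {
                System.out.println("DENY  " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The first two requests resolve to the sample file and the other three are refused, because the comparison is made on the normalized path rather than by filtering "../" out of the raw string.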