10 lines
No EOL
623 B
Text
Executable file
10 lines
No EOL
623 B
Text
Executable file
source: http://www.securityfocus.com/bid/1839/info
|
|
|
|
|
|
Acquiring access to known files outside of the web root is possible through directory traversal techniques in both iPlanet Certificate Management System (CMS) and Netscape Directory Server. This is made possible through the use of "\../" in a HTTP request. The following services are affected by this vulnerability:
|
|
|
|
- The Agent services server on port 8100/tcp
|
|
- The End Entity services server on port 443/tcp (Accessible through SSL)
|
|
- The Administrator services server on a random port configured during installation.
|
|
|
|
https://target/ca/\../\../\../\file.ext |