10 lines
No EOL
574 B
Text
10 lines
No EOL
574 B
Text
source: http://www.securityfocus.com/bid/1839/info
|
|
|
|
|
|
Acquiring access to known files outside of the web root is possible through directory traversal techniques in Netscape Directory Server. This is made possible through the use of "\../" in a HTTP request. The following services are affected by this vulnerability:
|
|
|
|
- The Agent services server on port 8100/tcp
|
|
- The End Entity services server on port 443/tcp (Accessible through SSL)
|
|
- The Administrator services server on a random port configured during installation.
|
|
|
|
https://target/ca/\../\../\../\file.ext |