Un-CGI "dot dot" directory traversal could allow remote program execution
uncgi-dot-directory-traversal (6846) - High Risk
Un-CGI could allow a remote attacker to traverse directories on the Web server. A remote attacker can use "dot dot" sequences (/../) to traverse directories and execute programs with the privileges of the HTTP user.
No remedy available as of June 1, 2013.
- BugTraq Mailing List, Tue Jul 17 2001 - 05:48:12 CDT: multiple vulnerabilities in un-cgi.
- BugTraq Mailing List, Wed Jul 18 2001 - 14:14:27 CDT: Re: [Khamba Staring] multiple vulnerabilities in un-cgi.
- Un-CGI Web site: Un-CGI version 1.10.
- BID-3056: Steve Grimm Un-CGI Directory Traversal Vulnerability
- CVE-2001-1242: Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
- OSVDB ID: 8963: Un-CGI Double Dot Arbitrary File Access
- Steven Grimm Un-CGI
Jul 17, 2001