Plain Old Webserver URI Traversal Arbitrary File Access

Medium severity, Nessus Plugin ID 24669

Synopsis

The remote web server is susceptible to a directory traversal attack.

Description

The remote host is running Plain Old Webserver, a Firefox extension that acts as a web server.

The version of Plain Old Webserver (pow) installed on the remote host fails to sanitize directory traversal sequences in the request URL. An unauthenticated attacker can exploit this to read files on the affected host, subject to the permissions of the user ID under which Firefox runs.

Solution

Unknown at this time.

See Also

https://seclists.org/fulldisclosure/2007/Feb/196

Plugin Details

Severity: Medium

ID: 24669

File Name: pow_dir_traversal.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 2/19/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/9/2007

Reference Information

CVE: CVE-2007-0872

BID: 22502