Polipo < 0.9.9 Unspecified Traversal Arbitrary File Access

Medium Nessus Plugin ID 19940


Synopsis

The remote web server may expose files outside the local web root.


Description

The remote host is running the Polipo caching web proxy. In addition to caching web pages, the software also functions as a web server that provides access to documentation, cached pages, etc.

The built-in web server in the installed version of Polipo fails to filter directory traversal sequences from requests. By exploiting this issue, an attacker may be able to retrieve files located outside the local web root, subject to the privileges of the user ID under which Polipo runs.


Solution

Upgrade to Polipo 0.9.9 or later.


Plugin Details

Severity: Medium

ID: 19940

File Name: polipo_dir_traversal.nasl

Version: $Revision: 1.14 $

Type: remote

Family: Web Servers

Published: 2005/10/06

Modified: 2011/03/14

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2005/09/23

Reference Information

CVE: CVE-2005-3163

BID: 14970

OSVDB: 19693