Polipo < 0.9.9 Unspecified Traversal Arbitrary File Access
Medium Nessus Plugin ID 19940
Synopsis
The remote web server may expose files outside the local web root.
Description
The remote host is running the Polipo caching web proxy. In addition to caching web pages, the software also functions as a web server for providing access to documentation, cached pages, etc.
The built-in web server in the installed version of Polipo fails to filter directory traversal sequences from requests. By exploiting this issue, an attacker may be able to retrieve files located outside the local web root, subject to the privileges of the userid under which Polipo runs.
Solution
Upgrade to Polipo 0.9.9 or later.