Mozilla Firefox < 0.0.9 'Plain Old Webserver' (POW) Directory Traversal Arbitrary File Access (deprecated)

medium Nessus Network Monitor Plugin ID 3910

Synopsis

The remote host is vulnerable to a directory traversal flaw.

Description

The remote host is running Plain Old Webserver (POW), a Firefox plugin that allows the user to run a web server via a browser plugin. This version of POW is vulnerable to a directory traversal flaw. An attacker exploiting this flaw would send a malformed request that contained '../' strings. Such a request would allow the attacker to obtain confidential files from outside the web root directory. Successful exploitation would lead to the loss of confidential data.

Solution

Upgrade to version 0.0.9 or higher.

See Also

https://addons.mozilla.org/firefox/3002

Plugin Details

Severity: Medium

ID: 3910

Family: Web Servers

Published: 2/12/2007

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.7

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Reference Information

CVE: CVE-2007-0872

BID: 22502