Tarantella ttawebtop.cgi Remote Directory Traversal Vulnerability

Vulnerability ID 1106389 Vulnerability type Unknown
Published 2001-06-18 Updated 2005-05-17
CVE ID CVE-2001-0805
CNNVD-ID CNNVD-200112-034
Platform CGI CVSS score 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20940
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200112-034
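|Vulnerability details
Tarantella Enterprise 3 is a tool for centralized management of data and applications. It provides a web management interface and runs on most Unix and Linux platforms. Tarantella includes a CGI script, ttawebtop.cgi, that a remote attacker can exploit to traverse the server's directories. Because "../" sequences are not filtered, a remote attacker can submit a specially crafted request to traverse server directories or read arbitrary files.
|Exploit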
source: http://www.securityfocus.com/bid/2890/info

Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions.

ttawebtop.cgi is a CGI script included with Tarantella (formerly SCO). It is designed as a management tool that allows a user to display and resume an application at any time by clicking a link.

ttawebtop.cgi does not sufficiently validate input. As a result, a remote user can traverse the directory structure and view any file that is readable by the webserver process.

http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd
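
A detection sketch for the issue described above, added here as an example (not code from the original advisory or from Tarantella): it scans web-server access-log lines for ttawebtop.cgi requests whose pg parameter resolves outside its starting directory. The log lines, the combined log format and the virtual /root base are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Jun/2001:10:00:01 +0000] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=index.html HTTP/1.0" 200 5120
192.0.2.44 - - [18/Jun/2001:10:02:17 +0000] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../etc/passwd HTTP/1.0" 200 1843
192.0.2.44 - - [18/Jun/2001:10:02:30 +0000] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 1843
192.0.2.77 - - [18/Jun/2001:10:05:00 +0000] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=help/../index.html HTTP/1.0" 200 5120
192.0.2.80 - - [18/Jun/2001:10:06:00 +0000] "GET /other.cgi?pg=../../x HTTP/1.0" 404 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def escapes_root(pg: str) -> bool:
    """True if pg, resolved below a virtual root, ends up outside that root."""
    for _ in range(2):  # undo a second layer of percent-encoding if present
        pg = unquote(pg)
    pg = pg.replace("\\", "/")
    if pg.startswith("/"):
        return True  # absolute paths never stay under the base directory
    resolved = posixpath.normpath(posixpath.join("/root", pg))
    return not (resolved == "/root" or resolved.startswith("/root/"))

def find_traversal(log_text: str):
    """Return (client, pg, status) for ttawebtop.cgi requests whose pg escapes the root."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if "ttawebtop.cgi" not in parts.path:
            continue
        # parse_qs already decodes one layer of percent-encoding
        for pg in parse_qs(parts.query).get("pg", []):
            if escapes_root(pg):
                hits.append((client, pg, int(status)))
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request is the case to triage first, since it suggests the server returned content for the resolved path.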
|References

Source: XF
Name: tarantella-ttawebtop-read-files(6723)
Link: http://xforce.iss.net/static/6723.php
Source: BID
Name: 2890
Link: http://www.securityfocus.com/bid/2890
Source: BUGTRAQ
Name: 20010619 Re: SCO Tarantella Remote file read via ttawebtop.cgi
Link: http://www.securityfocus.com/archive/1/[email protected]
Source: BUGTRAQ
Name: 20010618 SCO Tarantella Remote file read via ttawebtop.cgi
Link: http://www.securityfocus.com/archive/1/[email protected]
