| GEN:SID | 1:3131 |
| Message | WEB-CGI mailman directory traversal attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in GNU Mailman.
|
| Impact | Information disclosure.
|
| Detailed Information | GNU Mailman is used to manage mailing lists. It is written in Python and is available on a variety of platforms.
GNU Mailman when used with webservers that do not remove extra slashes from URLs, is prone to a directory traversal attack that may allow an attacker access to sensitive files on an affected system.
|
| Affected Systems | GNU Mailman in conjunction with Apache 1.3.x
|
| Attack Scenarios | An attacker can supply extra slashes and dots (....///) to a URL to escape the web root and access other parts of the host filesystem.
|
| Ease of Attack | Simple. Exploit software is not required.
|
| Corrective Action | Apply the appropriate vendor supplied patches.
|
| Additional References | |
| Rule References | cve: 2005-0202
|