Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1607 |
| Message | WEB-CGI HyperSeek hsx.cgi access |
| Summary | This event is generated when an attempt is made to access hsx.cgi on a web server. This may indicate an attempt to exploit a vulnerability in the Hyperseek 2000 search engine that allows read-access to directory listings and files. |
| Impact | Information gathering. |
| Detailed Information | This event may indicate that an attempt has been made to exploit a directory traversal vulnerability in HyperSeek 2000. An attacker can use directory traversal techniques to view hidden files and directories on the web server. |
| Affected Systems | Web servers running iWeb Systems HyperSeek 2000 are vulnerable. |
| Attack Scenarios | An attacker can use directory traversal techniques when executing hsx.cgi to view directories and files on the web server. |
| Ease of Attack | Simple. Exploits exist. |
| Corrective Action | Apply the appropriate vendor supplied patches. Uprade to the latest non-affected version of the software. |
| Additional References | Bugtraq http://www.securityfocus.com/bid/2314 CERT/CC http://www.kb.cert.org/vuls/id/146704 CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0253 Nessus http://cgi.nessus.org/plugins/dump.php3?id=10602 |
| Rule References | bugtraq: 2314 cve: 2001-0253 nessus: 10602 |
--
DID:290952
--
http://www.aanval.com/