Vulnerability Note VU#146704

Hyperseek 2000 hsx.cgi does not adequately filter user input, disclosing directory listings and file contents

Original Release date: 14 Feb 2003 | Last revised: 14 Feb 2003

Overview

The iWeb Systems Hyperseek search engine may allow malformed URL requests to access files outside the document root of a vulnerable system.

Description

A specially crafted URL can disclose directory listings and files of the target system with read permissions.

Impact

Remote attackers may be able to disclose directory listings and files of the target system with read permissions.

Solution

Contact the vendor to obtain a patch.

Systems Affected

Vendor          Status      Date Notified   Date Updated
IWeb Systems    Affected    -               14 Feb 2003

CVSS Metrics

Group           Score   Vector
Base            N/A     N/A
Temporal        N/A     N/A
Environmental   N/A     N/A

Credit

Mc GaN <vipersv@mail.ru> has been publicly credited for discovering this vulnerability.

This document was written by Ian A. Finlay.

Other Information

  • CVE IDs: CAN-2001-0253
  • Date Public: 28 Jan 2001
  • Date First Published: 14 Feb 2003
  • Date Last Updated: 14 Feb 2003
  • Severity Metric: 4.50
  • Document Revision: 18
