Vulnerability Note VU#146704
Hyperseek 2000 hsx.cgi does not adequately filter user input disclosing directory listings and file contents
iWeb Systems Hyperseek search engine may allow malformed URL requests to access files outside the document root of a vulnerable system.
A specially crafted URL can disclose the directory listing and files of the target system with read permissions.
Remote attackers may be able to disclose directory listings and files of the target system with read permissions.
Contact the vendor to obtain a patch.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|IWeb Systems||Affected||-||14 Feb 2003|
CVSS Metrics (Learn More)
Mc GaN <firstname.lastname@example.org>, has been publicly credited for discovering this vulnerability.
This document was written by Ian A. Finlay.
- CVE IDs: CAN-2001-0253
- Date Public: 28 Jan 2001
- Date First Published: 14 Feb 2003
- Date Last Updated: 14 Feb 2003
- Severity Metric: 4.50
- Document Revision: 18
If you have feedback, comments, or additional information about this vulnerability, please send us email.