iWeb Systems Hyperseek search engine may allow malformed URL requests to access files outside the document root of a vulnerable system.
A specially crafted URL can disclose the directory listing and files of the target system with read permissions.
Remote attackers may be able to disclose directory listings and files of the target system with read permissions.
Contact the vendor to obtain a patch.
Mc GaN <firstname.lastname@example.org>, has been publicly credited for discovering this vulnerability.
This document was written by Ian A. Finlay.
|Date First Published:||2003-02-14|
|Date Last Updated:||2003-02-14 20:47 UTC|