Vulnerability Note VU#651994
SEDUM HTTP server permits directory traversal
The SEDUM web server permits intruders to access files outside the web root.
The SEDUM Web Server permits intruders to access files outside the web root using a GET request containing ".." (dot dot). This can expose files (including files with sensitive information) to exposure by unauthorized individuals.
Intruders can read files accessible to the SEDUM web server they should not be able to read .
The CERT/CC is currently unaware of a practical solution to this problem.
No information available. If you are a vendor and your product is affected, let us know.
Our thanks to Joe Testa, who originally
this problem on BugTraq.
This document was written by Shawn V. Hernan.
04 Feb 2001
Date First Published:
15 May 2001
Date Last Updated:
25 Jun 2001
If you have feedback, comments, or additional information about this vulnerability, please send us email.