[Snort-sigs] rule documentation for WEB-MISC carbo.dll access

Josh.Sakofsky at ...1573...
Tue Jun 10 13:52:05 EDT 2003


Rule: WEB-MISC carbo.dll access

--
Sid: 1001

--
Summary: iCat Carbo Server can disclose the contents of any known file on 
the local system.

--
Impact: Serious

--
Detailed Information: The iCat Carbo server, which is part of the
Electronic Commerce Suite, does not properly check HTTP requests and
will give access to any file object residing on the system when it
receives a request such as:
http://target/carbo.dll?icatcommand=..\..\directory/filename.ext&catalogname=catalog

--
Affected Systems: iCat Electronic Commerce Suite 3.0

--
Attack Scenarios: An attacker can view any file on the server, including 
sensitive password files.

--
Ease of Attack: Easy.

--
False Positives: None Known

--
False Negatives: None Known

--
Corrective Action: None Known

--
Contributors: Original rule writer unknown.
              Josh Sakofsky

--
Additional References: http://www.securityfocus.com/bid/2126
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1069
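
Added example (not part of the original post and not the Snort rule's own text): Python code that triages HTTP request lines for the request shape described under Detailed Information, separating plain carbo.dll access from requests whose icatcommand value contains a `..` path segment, including percent-encoded and double-encoded forms. The sample request lines are constructed, and the function names (`fully_decode`, `classify`, `triage`) are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed request lines for illustration (not real traffic).
SAMPLE_REQUESTS = [
    "GET /scripts/carbo.dll?icatcommand=shoes&catalogname=catalog HTTP/1.0",
    "GET /carbo.dll?icatcommand=..\\..\\directory/filename.ext&catalogname=catalog HTTP/1.0",
    "GET /CARBO.DLL?catalogname=catalog&ICATCOMMAND=%2e%2e%5c%2e%2e%5cdirectory%2ffilename.ext HTTP/1.0",
    "GET /carbo.dll?icatcommand=%252e%252e%255cdirectory%252ffilename.ext&catalogname=catalog HTTP/1.0",
    "GET /index.html?icatcommand=..\\..\\x HTTP/1.0",
]

# A ".." path segment delimited by either slash style (or string start/end).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_line):
    """Return 'ignore', 'access' or 'traversal' for one HTTP request line."""
    parts = request_line.split(" ")
    if len(parts) < 2:
        return "ignore"
    url = urlsplit(parts[1])
    if not fully_decode(url.path).lower().endswith("/carbo.dll"):
        return "ignore"
    # Split the raw query before decoding so an encoded '&' cannot
    # shift parameter boundaries.
    for pair in url.query.split("&"):
        name, _, value = pair.partition("=")
        if (fully_decode(name).lower() == "icatcommand"
                and TRAVERSAL.search(fully_decode(value))):
            return "traversal"
    return "access"

def triage(lines):
    """Pair each request line with its verdict."""
    return [(classify(line), line) for line in lines]

if __name__ == "__main__":
    for verdict, line in triage(SAMPLE_REQUESTS):
        print(f"{verdict:9} {line}")
```

An "access" verdict marks a request that touches carbo.dll without a `..` segment in icatcommand; a "traversal" verdict marks the request form quoted in the rule documentation.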