[Snort-sigs] rule documentation for WEB-CGI mrtg.cgi directory traversal attempt

Josh.Sakofsky at ...1573...
Wed Jun 11 12:39:02 EDT 2003

Rule: WEB-CGI mrtg.cgi directory traversal attempt

Sid: 1862

Summary: A remote user has tried to exploit a flaw on a server running 

Impact: Medium

Detailed Information: MRTG is a graphing program, typically used for
displaying statistics about network devices such as
routers and switches. The mrtg.cgi script is vulnerable to an attack that
can display the first line of any file on the system.
By crafting a URL like so
a user is able to view the specified file.

Affected Systems: Hosts running MRTG

Attack Scenarios: An attacker can use the mrtg.cgi program to view the 
first line of any file.

Ease of Attack: Trivial

False Positives: None Known

False Negatives: None Known

Corrective Action: Disallow access to the mrtg.cgi program.

Contributors: Original rule writer unknown.
              Josh Sakofsky
Additional References: http://cgi.nessus.org/plugins/dump.php3?id=11001
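
A log-side counterpart to this rule, as an added example that is not part of the original post and is not the Snort rule itself: it scans web access logs for requests to mrtg.cgi whose query string contains a directory traversal sequence, decoding percent-encoding (including double encoding) before matching. The log lines and the parameter name `x` are constructed placeholders, since the post does not give the request format.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed access-log lines; the parameter name "x" is a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jun/2003:12:00:01 -0400] "GET /cgi-bin/mrtg.cgi?x=router1.cfg HTTP/1.0" 200 512',
    '192.0.2.44 - - [11/Jun/2003:12:00:07 -0400] "GET /cgi-bin/mrtg.cgi?x=/../../../some/file HTTP/1.0" 200 97',
    '192.0.2.44 - - [11/Jun/2003:12:00:09 -0400] "GET /cgi-bin/mrtg.cgi?x=%2e%2e%2f%2e%2e%2fsome/file HTTP/1.0" 200 97',
    '192.0.2.44 - - [11/Jun/2003:12:00:11 -0400] "GET /cgi-bin/MRTG.cgi?x=%252e%252e%252fsome/file HTTP/1.0" 200 97',
    '192.0.2.80 - - [11/Jun/2003:12:00:15 -0400] "GET /docs/index.html?x=../notes HTTP/1.0" 404 210',
]

# Request line inside the quoted field of a common/combined log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment: preceded by start, '=', '&' or a slash, followed by a slash, '&' or end.
TRAVERSAL_RE = re.compile(r'(?:^|[=&/\\])\.\.(?:[/\\&]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_mrtg_traversal(uri):
    """True if the URI targets mrtg.cgi and its query holds a traversal segment."""
    parts = urlsplit(uri)
    if not fully_decode(parts.path).lower().endswith("/mrtg.cgi"):
        return False
    return bool(TRAVERSAL_RE.search(fully_decode(parts.query)))


def scan(lines):
    """Return the log lines that match the mrtg.cgi traversal pattern."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and is_mrtg_traversal(match.group(1)):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```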