Fastraq Mailtraq 1.1.4 - Multiple Path Vulnerabilities

EDB-ID:

19973

CVE:



Author:

Slash

Type:

remote


Platform:

Windows

Date:

2000-03-22


source: https://www.securityfocus.com/bid/1278/info

A remote user may browse any known directory on a host running Fastraq Mailtraq 1.1.4 by making a URL request that includes the '../' string.

In addition, requesting a URL appended with "../" and an unusually long character string will return an error message disclosing the full path of the Mailtraq installation directory. 

Directory traversal vulnerability:
http: //target/../../knowndirectory/

Path disclosure vulnerability:
http:&nbsp;//target/../<very long character string>