Signature Detail
Short Name |
HTTP:DIR:QUICKSHARE-DIR-TRAV |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
QuickShare Directory Traversal |
Release Date |
2013/05/08 |
Update Number |
2261 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: QuickShare Directory Traversal
This signature detects directory traversal attempts in QuickShare. Attackers can read arbitrary files via a slightly modified directory traversal attack to access files outside the server's path, from which they can gain sensitive information about the system and use it to craft a targeted attack.
Extended Description
QuickShare is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to read files outside the webroot directory. Information harvested may aid in launching further attacks. QuickShare 1.0 is vulnerable; other versions may also be affected.
Affected Products
- QuickShare 1.0
References
- BugTraq: 43258
- CVE: CVE-2010-3488