Signature Detail
Short Name |
HTTP:DIR:BARRACUDA-DIRTRAV |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Barracuda Spam Firewall Directory Traversal |
Release Date |
2005/11/07 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Barracuda Spam Firewall Directory Traversal
This signature detects attempts to exploit a known vulnerability in Barracuda Spam Firewall versions 3.1.17 and below. An unprivileged attacker can use a directory traversal attack against a vulnerable CGI script to verify file existence, access file contents, and delete files on a Barracuda Spam Firewall system. Patches are available.
Extended Description
Barracuda Spam Firewall is prone to a directory traversal vulnerability. This issue affects the Web interface of the appliance. Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. Information obtained through this attack may aid in further attacks against the underlying system. Barracuda Spam Firewall firmware 3.1.17 and prior versions are affected by this issue.
Affected Products
- Barracuda Networks Barracuda Spam Firewall 3.1.17 firmware
References
- BugTraq: 14710
- BugTraq: 14712
- CVE: CVE-2005-2848
- CVE: CVE-2005-2847
- URL: http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1
- URL: http://securitytracker.com/alerts/2005/Sep/1014837.html