Test ID: 1.3.6.1.4.1.25623.1.0.106756
Category: Web application abuses
Title: Generic HTTP Directory Traversal (Web Root) - Active Check
Summary: Generic check for HTTP directory traversal vulnerabilities on the web root level of the remote web server.
Description:Summary:
Generic check for HTTP directory traversal vulnerabilities on
the web root level of the remote web server.

Vulnerability Impact:
Successfully exploiting this issue may allow an attacker to
access paths and directories that should normally not be accessible by a user. This can result in
effects ranging from disclosure of confidential information to arbitrary code execution.

Affected Software/OS:
The following products are known to be affected by the pattern
checked in this VT:

- No CVEs: Project Jug, Webp Server Go

- CVE-2010-2307: Motorola SURFBoard cable modem SBV6120E

- CVE-2010-4231: Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera

- CVE-2014-2323: Lighttpd

- CVE-2015-2166: Ericsson Drutt MSDP (Instance Monitor)

- CVE-2015-5688: Geddy

- CVE-2017-11456: Geneko GWR router

- CVE-2017-16806: Ulterius Server

- CVE-2018-10201: NComputing vSpace Pro 10 and 11

- CVE-2018-10956: IPConfigure Orchid Core VMS 2.0.5

- CVE-2018-14064: uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices

- CVE-2018-18778: mini_httpd

- CVE-2018-19326: Zyxel VMG1312-B10D

- CVE-2018-7490: uWSGI

- CVE-2018-7719: Acrolinx Server

- CVE-2018-8727: Mirasys DVMS Workstation 5.12.6

- CVE-2019-18922: Allied Telesis AT-GS950/8

- CVE-2019-20085: TVT NVMS-1000

- CVE-2019-7315: Genie Access IP Camera

- CVE-2019-9726: Homematic CCU3

- CVE-2020-12447: Onkyo TX-NR585 Web Interface

- CVE-2020-15050: Suprema BioStar2

- CVE-2020-24571: NexusQA NexusDB

- CVE-2020-5410: Spring Cloud Config

- CVE-2021-3019: ffay lanproxy

- CVE-2021-40978: mkdocs 1.2.2 built-in dev-server. Note: This CVE has been disputed by the vendor
because the dev-server is generally seen as being insecure and shouldn't be used in production.
Nevertheless this doesn't make this CVE void so it is included here.

- CVE-2021-41773 and CVE-2021-42013: Apache HTTP Server

- CVE-2022-26233: Barco Control Room Management Suite

- CVE-2022-38794: Zaver

- CVE-2022-45269: Linx Sphere LINX 7.35.ST15

- CVE-2023-22855: Kardex Mlog. Note: The CVE is about a remote code execution (RCE) vulnerability
but the product is also affected by a directory traversal vulnerability and thus the CVE was added
here.

- CVE-2023-46307: etcd-browser

- CVE-2024-11303: Korenix JetPort

- CVE-2024-41628: ClusterControl

- CVE-2024-46327: VONETS VAP11G-300 v3.3.23.6.9

- CVE-2024-4956: Nexus Repository Manager 3

- CVE-2024-6049: Lawo AG vsm LTC Time Sync (vTimeSync)

- CVE-2024-6394: parisneo/lollms-webui versions below v9

- CVE-2024-6746: EasySpider 0.6.2

Other products might be affected as well.

Solution:
Contact the vendor for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2307
BugTraq ID: 40550
http://www.securityfocus.com/bid/40550
http://www.exploit-db.com/exploits/12865
http://www.osvdb.org/65249
http://secunia.com/advisories/40054
XForce ISS Database: motorola-surfboard-psswd-directory-traversal(59113)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59113
Common Vulnerability Exposure (CVE) ID: CVE-2010-4231
Bugtraq: 20101112 TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera
http://www.securityfocus.com/archive/1/514753/100/0/threaded
http://www.exploit-db.com/exploits/15505/
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt
Common Vulnerability Exposure (CVE) ID: CVE-2014-2323
Debian Security Information: DSA-2877
http://www.debian.org/security/2014/dsa-2877
HPdes Security Advisory: HPSBGN03191
http://marc.info/?l=bugtraq&m=141576815022399&w=2
http://jvn.jp/en/jp/JVN37417423/index.html
http://seclists.org/oss-sec/2014/q1/564
http://seclists.org/oss-sec/2014/q1/561
http://secunia.com/advisories/57404
http://secunia.com/advisories/57514
SuSE Security Announcement: SUSE-SU-2014:0474
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html
SuSE Security Announcement: openSUSE-SU-2014:0449
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html
SuSE Security Announcement: openSUSE-SU-2014:0496
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-2166
BugTraq ID: 73901
http://www.securityfocus.com/bid/73901
https://www.exploit-db.com/exploits/36619/
http://packetstormsecurity.com/files/131233/Ericsson-Drutt-MSDP-Instance-Monitor-Directory-Traversal-File-Access.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-5688
https://nodesecurity.io/advisories/geddy-directory-traversal
Common Vulnerability Exposure (CVE) ID: CVE-2017-11456
https://blogs.securiteam.com/index.php/archives/3317#more-3317
Common Vulnerability Exposure (CVE) ID: CVE-2017-16806
https://www.exploit-db.com/exploits/43141/
Common Vulnerability Exposure (CVE) ID: CVE-2018-10201
https://www.exploit-db.com/exploits/44497/
http://www.kwell.net/kwell_blog/?p=5199
https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es
Common Vulnerability Exposure (CVE) ID: CVE-2018-10956
https://www.exploit-db.com/exploits/44916/
http://packetstormsecurity.com/files/148274/IPConfigure-Orchid-VMS-2.0.5-Directory-Traversal-Information-Disclosure.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-14064
https://www.exploit-db.com/exploits/45030/
https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac
Common Vulnerability Exposure (CVE) ID: CVE-2018-18778
http://www.acme.com/software/mini_httpd/
Common Vulnerability Exposure (CVE) ID: CVE-2018-19326
https://gist.github.com/numanturle/4988b5583e5ebe501059bd368636de33
Common Vulnerability Exposure (CVE) ID: CVE-2018-7490
Debian Security Information: DSA-4142
https://www.debian.org/security/2018/dsa-4142
https://www.exploit-db.com/exploits/44223/
Common Vulnerability Exposure (CVE) ID: CVE-2018-7719
https://www.exploit-db.com/exploits/44345/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8727
https://www.onvio.nl/nieuws/cve-mirasys-vulnerability
Common Vulnerability Exposure (CVE) ID: CVE-2019-18922
http://seclists.org/fulldisclosure/2019/Nov/31
http://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traversal.html
https://pastebin.com/dpEGKUGz
Common Vulnerability Exposure (CVE) ID: CVE-2019-20085
http://packetstormsecurity.com/files/157196/TVT-NVMS-1000-Directory-Traversal.html
https://www.exploit-db.com/exploits/47774
Common Vulnerability Exposure (CVE) ID: CVE-2019-7315
https://labs.nettitude.com/blog/cve-2019-7315-genie-access-wip3bvaf-ip-camera-directory-traversal/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9726
https://atomic111.github.io/article/homematic-ccu3-fileread
Common Vulnerability Exposure (CVE) ID: CVE-2020-12447
https://blog.spookysec.net/onkyo-lfi/
Common Vulnerability Exposure (CVE) ID: CVE-2020-15050
http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-24571
https://www.nexusdb.com/mantis/bug_view_advanced_page.php?bug_id=2371
Common Vulnerability Exposure (CVE) ID: CVE-2020-5410
Common Vulnerability Exposure (CVE) ID: CVE-2021-3019
https://github.com/ffay/lanproxy/commits/master
https://github.com/maybe-why-not/lanproxy/issues/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-40978
https://github.com/mkdocs/mkdocs
https://github.com/mkdocs/mkdocs/issues/2601
https://github.com/nisdn/CVE-2021-40978
https://github.com/nisdn/CVE-2021-40978/issues/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-41773
Cisco Security Advisory: 20211007 Apache HTTP Server Vulnerabilties: October 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ
https://security.netapp.com/advisory/ntap-20211029-0009/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/
https://security.gentoo.org/glsa/202208-20
http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html
http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html
http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html
http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
https://httpd.apache.org/security/vulnerabilities_24.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3Cusers.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/10/05/2
http://www.openwall.com/lists/oss-security/2021/10/07/6
http://www.openwall.com/lists/oss-security/2021/10/07/1
http://www.openwall.com/lists/oss-security/2021/10/08/1
http://www.openwall.com/lists/oss-security/2021/10/08/2
http://www.openwall.com/lists/oss-security/2021/10/08/3
http://www.openwall.com/lists/oss-security/2021/10/08/4
http://www.openwall.com/lists/oss-security/2021/10/08/5
http://www.openwall.com/lists/oss-security/2021/10/08/6
http://www.openwall.com/lists/oss-security/2021/10/09/1
http://www.openwall.com/lists/oss-security/2021/10/11/4
http://www.openwall.com/lists/oss-security/2021/10/15/3
http://www.openwall.com/lists/oss-security/2021/10/16/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-42013
http://jvn.jp/en/jp/JVN51106450/index.html
http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html
https://www.povilaika.com/apache-2-4-50-exploit/
http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html
http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html
https://www.oracle.com/security-alerts/cpuapr2022.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-26233
http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html
http://seclists.org/fulldisclosure/2022/Apr/0
Common Vulnerability Exposure (CVE) ID: CVE-2022-38794
https://github.com/zyearn/zaver/issues/22
Common Vulnerability Exposure (CVE) ID: CVE-2022-45269
https://gist.github.com/robotshell/7b97af98c5dc0cacd57e6bfac90019cd
Common Vulnerability Exposure (CVE) ID: CVE-2023-22855
http://seclists.org/fulldisclosure/2023/Feb/10
http://packetstormsecurity.com/files/171046/Kardex-Mlog-MCC-5.7.12-0-a203c2a213-master-File-Inclusion-Remote-Code-Execution.html
http://packetstormsecurity.com/files/171689/Kardex-Mlog-MCC-5.7.12-Remote-Code-Execution.html
https://github.com/patrickhener/CVE-2023-22855/blob/main/advisory/advisory.md
https://www.exploit-db.com/exploits/51239
Common Vulnerability Exposure (CVE) ID: CVE-2023-46307
http://seclists.org/fulldisclosure/2023/Nov/11
http://seclists.org/fulldisclosure/2023/Nov/9
https://hub.docker.com/r/buddho/etcd-browser
https://hub.docker.com/r/buddho/etcd-browser/tags
Common Vulnerability Exposure (CVE) ID: CVE-2024-11303
Common Vulnerability Exposure (CVE) ID: CVE-2024-41628
Common Vulnerability Exposure (CVE) ID: CVE-2024-46327
Common Vulnerability Exposure (CVE) ID: CVE-2024-4956
https://support.sonatype.com/hc/en-us/articles/29416509323923
Common Vulnerability Exposure (CVE) ID: CVE-2024-6049
Common Vulnerability Exposure (CVE) ID: CVE-2024-6394
Common Vulnerability Exposure (CVE) ID: CVE-2024-6746
Copyright: Copyright (C) 2017 Greenbone AG
