Intrusion Prevention

Commerce.Directory.Traversal

Description

It indicates a directory traversal vulnerability in Carey Internet Services commerce.cgi script.


There exists a directory traversal vulnerability in commerce.cgi CGI program of Carey Internet Service that allows an attacker to read arbitrary files on a target system by sending a specially-crafted URL request.

Affected Products

Any unprotected Carey Internet Service commerce.cgi 2.0.1 is vulnerable to the attack.

Impact

It is possible for a attacker to gain read access to directories and files outside the root directory of Carey Internet Services Commerce.cgi.

Recommended Actions

Upgrade the program to the latest non-vulnerable version.


CVE References

CVE-2001-0210