CVE-2001-1152
CVSS7.5
发布时间 :2001-09-05 00:00:00
修订时间 :2008-09-05 16:25:49
NMCOS    

[原文]Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.


[CNNVD]WEBsweeper 受限目录内容泄漏漏洞(CNNVD-200109-014)

        CVE(CAN) ID: CAN-2001-1152
        
        
        
        WEBSweeper 是Baltimore 科技公司的web内容安全解决方案。它保证客户实现HTTP,FTP传
        
        输的内容安全策略。它可以在网关处进行URL过滤。然而,由于存在一些设计漏洞,允许
        
        攻击者轻易地绕过管理员设置的限制。内部用户可以绕过WebSweeper的限制,经过授权的
        
        web服务器也可以重定向用户到那些未经授权的web服务器。
        
        
        
        
        
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1152
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1152
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200109-014
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3296
(VENDOR_ADVISORY)  BID  3296
http://www.securityfocus.com/archive/1/212283
(VENDOR_ADVISORY)  BUGTRAQ  20010905 Various problems in Baltimore WebSweeper URL filtering
http://www.mimesweeper.com/support/technotes/notes/1043.asp
(VENDOR_ADVISORY)  MISC  http://www.mimesweeper.com/support/technotes/notes/1043.asp

- 漏洞信息

WEBsweeper 受限目录内容泄漏漏洞
高危 输入验证
2001-09-05 00:00:00 2005-10-20 00:00:00
远程  
        CVE(CAN) ID: CAN-2001-1152
        
        
        
        WEBSweeper 是Baltimore 科技公司的web内容安全解决方案。它保证客户实现HTTP,FTP传
        
        输的内容安全策略。它可以在网关处进行URL过滤。然而,由于存在一些设计漏洞,允许
        
        攻击者轻易地绕过管理员设置的限制。内部用户可以绕过WebSweeper的限制,经过授权的
        
        web服务器也可以重定向用户到那些未经授权的web服务器。
        
        
        
        
        
        

- 公告与补丁

        
        
        厂商补丁:
        
        
        
        厂商认为WebSweeper并不是主要用来进行URL过滤的,它主要是对web内容进行分析的,用
        
        户不应该依赖它的URL过滤功能:
        
        
        http://www.mimesweeper.com/support/technotes/notes/1043.asp

        
        
        

- 漏洞信息

59512
WEBsweeper Multiple Method Blacklist Restriction Bypass
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-09-05 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Baltimore Technologies WEBsweeper Restricted Directory Disclosure Vulnerability
Input Validation Error 3296
Yes No
2001-09-05 12:00:00 2009-07-11 07:56:00
Discovered and posted to Bugtraq by edvice Security Services <support@edvicesecurity.com> on Sep 5, 2001.

- 受影响的程序版本

Baltimore Technologies WEBsweeper 4.0 2
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5

- 漏洞讨论

WEBsweeper is an application which implements content security of suspicious filetypes, hidden mailtos, web content, HTTP and FTP transfers, scripts, etc.

Due to a flaw in WEBsweeper, a remote user could gain access to known restricted web directories. Requesting for a known directory along with specially chosen characters, could reveal the contents of the unauthorized directory.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Baltimore Technologies has released a technote document, which suggests that it is not practical to use WEBsweeper to administer URL blacklists.

http://www.mimesweeper.com/support/technotes/notes/1043.asp

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站