ID CVE-2000-1191
Summary htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
References
Vulnerable Configurations
CVSS
Base: 5.0 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity NONE
Availability NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2013-04-29T04:06:26.900-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
family unix
id oval:org.mitre.oval:def:10526
status accepted
submitted 2010-07-09T03:56:16-04:00
title htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
version 29
redhat via4
rpms
  • htdig-2:3.1.6-7.el3
  • htdig-debuginfo-2:3.1.6-7.el3
refmap via4
bid 4366
misc http://www.securiteam.com/exploits/htDig_reveals_web_server_configuration_paths.html
xf htdig-htsearch-path-disclosure(7367)
Last major update 19-10-2017 - 01:29
Published 31-08-2001 - 04:00
Last modified 19-10-2017 - 01:29