MediumRealSecure Network, RealSecure Server Sensor, RealSecure Desktop Protector, BlackICE Agent for Server, BlackICE PC Protection, RealSecure Sentry, RealSecure Guard, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection, Proventia Network MFS, Proventia Network IDS, Proventia-G 1.1 and earlier, RealSecure Desktop Protector 3.6, Proventia Server IPS for Linux technology, Proventia Desktop, Proventia Network IPS:
This signature detects HTTP GET requests that contain "/..." in the argument data.
This signature detects HTTP GET requests that contain "/..." in the data.
Medium
RealSecure Network: 7.0, RealSecure Server Sensor: 7.0, RealSecure Desktop Protector: 3.6, BlackICE Agent for Server: 3.6, BlackICE PC Protection: 3.6.cbd, RealSecure Sentry: 3.6, RealSecure Guard: 3.6, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, BlackICE Server Protection: 3.6.cbd, Proventia Network MFS: 1.0, Proventia Network IDS: A Series, Proventia-G 1.1 and earlier: G Series, RealSecure Desktop Protector 3.6: baseline, Proventia Server IPS for Linux technology: 1.0, Proventia Desktop: 8.0.614.1, Proventia Network IPS: 2.0, RealSecure Desktop: baseline
Various vendors Any application, IETF HTTP/1.1
Suspicious Activity
An attacker may attempt to traverse directories on vulnerable servers by using "dot dot" sequences in URLs (or, in this case, "dot dot dot" sequences), such as "/...". This could allow an attacker to view the contents of otherwise secure directories.
No remedy available as of March 2002.
ISS X-Force
HTTP GET request contains "dot dot dot"
http://www.iss.net/security_center/static/8081.php