RealSecure Server Sensor, RealSecure Guard, RealSecure Desktop Protector, BlackICE Agent for Server, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection, BlackICE PC Protection, RealSecure Sentry, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Linux technology, RealSecure Network:
This signature detects HTTP GET requests that contain "/..." in the argument data.
This signature detects HTTP GET requests that contain "/..." in the data.
Medium
RealSecure Server Sensor: 7.0, RealSecure Guard: 3.6, RealSecure Desktop Protector: 3.6, BlackICE Agent for Server: 3.6, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, BlackICE Server Protection: 3.6.cbd, BlackICE PC Protection: 3.6.cbd, RealSecure Sentry: 3.6, Proventia Network MFS: 1.0, Proventia-G 1.1 and earlier: G Series, Proventia Network IPS: 2.0, Proventia Desktop: 8.0.614.1, Proventia Server IPS for Linux technology: 1.0, RealSecure Network: 7.0
Various vendors Any application, Various vendors HTTP
Suspicious Activity
An attacker may attempt to traverse directories on vulnerable servers by using "dot dot" sequences in URLs (or, in this case, "dot dot dot" sequences), such as "/...". This could allow an attacker to view the contents of otherwise secure directories.
No remedy available as of March 2002.
ISS X-Force
HTTP GET request contains "dot dot dot"
http://www.iss.net/security_center/static/8081.php
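An added example, not ISS code and not part of the original entry: a Python check for the condition this signature describes, a GET request whose target contains "/..." after percent-decoding, reporting whether the match is in the path or in the argument data. The bounded repeated decoding, the function names and the sample request lines are assumptions constructed for illustration.

```python
from urllib.parse import unquote

NEEDLE = "/..."          # sequence named in the signature text
MAX_DECODE_PASSES = 3    # assumption: bound on nested percent-encoding


def fully_decoded(value):
    """Percent-decode repeatedly (bounded) so %252e%252e%252e is also seen."""
    for _ in range(MAX_DECODE_PASSES):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def dot_dot_dot_locations(request_line):
    """Return where "/..." occurs in a GET request line: 'path', 'argument'."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0] != "GET":
        return []
    # Split the request-target by hand; URL parsers treat a leading "//" as a host.
    path, _, query = parts[1].partition("?")
    found = []
    if NEEDLE in fully_decoded(path):
        found.append("path")
    if NEEDLE in fully_decoded(query):
        found.append("argument")
    return found


# Constructed sample request lines (not taken from real traffic).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /docs/../index.html HTTP/1.0",           # "dot dot" only: no match
    "GET /.../private/ HTTP/1.0",
    "GET /view.cgi?file=%2F%2e%2e%2e%2Fnotes.txt HTTP/1.0",
    "GET /%252e%252e%252e/x HTTP/1.0",            # double-encoded
    "POST /.../private/ HTTP/1.0",                # not a GET request
]


def scan(lines):
    """Return (line, locations) for every line that triggers the check."""
    return [(l, loc) for l in lines if (loc := dot_dot_dot_locations(l))]


if __name__ == "__main__":
    for line, locations in scan(SAMPLE_REQUESTS):
        print(",".join(locations), "|", line)
```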