RealSecure Desktop, Proventia Network IPS, RealSecure Desktop Protector 3.6, IBM Security Host Protection for Desktops, BlackICE PC Protection, BlackICE Server Protection, RealSecure Sentry, RealSecure Guard, BlackICE Agent for Server, RealSecure Network, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS, IBM Security Host Protection for Servers (Windows), Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware, IBM Security Host Protection for Servers (Unix):
This signature detects an HTTP GET request for the wayboard.cgi file. The request includes an argument that starts with "db" and ends with "00".
RealSecure Desktop: baseline, Proventia Network IPS: 2.0, RealSecure Desktop Protector 3.6: baseline, IBM Security Host Protection for Desktops: 8.0.614.1, BlackICE PC Protection: 3.6.cbd, BlackICE Server Protection: 3.6.cbd, RealSecure Sentry: 3.6, RealSecure Guard: 3.6, RealSecure Desktop Protector: 3.6, BlackICE Agent for Server: 3.6, RealSecure Network: 7.0, RealSecure Server Sensor: 7.0, Proventia-G 1.1 and earlier: G Series, Proventia Network IDS: A Series, Proventia Network MFS: 1.0, IBM Security Host Protection for Servers (Windows): 184.108.40.2060, IBM Security Host Protection for Servers (Windows): 1.0.914.0, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for Vmware: 1.0, IBM Security Host Protection for Servers (Unix): 2.2.2
Way-BOARD Way-BOARD cgi
Unauthorized Access Attempt
Way-BOARD could allow a remote attacker to view unauthorized files on the Web server. A remote attacker can append %00 to an HTTP request of a known file to cause the contents of the file to be returned and gain access to sensitive information. This vulnerability can only be exploited on systems where Perl is installed.
No remedy available as of June 1, 2013.
BugTraq Mailing List, Mon Feb 12 2001 - 08:16:44 CST
Way-board: "show files" Vulnerability with null bite bug
Way-BOARD CGI could allow attackers to view unauthorized files