Vulnerabilities > CVE-2005-3163 - Unspecified vulnerability in Polipo

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

nessus

NVD

Published: 2005-10-06

Updated: 2008-09-05

Summary

Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root.

Part	Description	Count
Application	Polipo Polipo Polipo 0.9 Polipo Polipo 0.9.1 Polipo Polipo 0.9.2 Polipo Polipo 0.9.3 Polipo Polipo 0.9.4 Polipo Polipo 0.9.5 Polipo Polipo 0.9.6 Polipo Polipo 0.9.7 Polipo Polipo 0.9.8	9

NASL family	Web Servers
NASL id	POLIPO_DIR_TRAVERSAL.NASL
description	The remote host is running the Polipo caching web proxy. In addition to caching web pages, the software also functions as a web server for providing access to documentation, cached pages, etc. The built-in web server in the installed version of Polipo fails to filter directory traversal sequences from requests. By exploiting this issue, an attacker may be able to retrieve files located outside the local web root, subject to the privileges of the userid under which Polipo runs.
last seen	2020-06-01
modified	2020-06-02
plugin id	19940
published	2005-10-06
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19940
title	Polipo < 0.9.9 Unspecified Traversal Arbitrary File Access