Vulnerabilities > CVE-2005-3163 - Unspecified vulnerability in Polipo
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
Nessus
NASL family | Web Servers |
NASL id | POLIPO_DIR_TRAVERSAL.NASL |
description | The remote host is running the Polipo caching web proxy. In addition to caching web pages, the software also functions as a web server for providing access to documentation, cached pages, etc. The built-in web server in the installed version of Polipo fails to filter directory traversal sequences from requests. By exploiting this issue, an attacker may be able to retrieve files located outside the local web root, subject to the privileges of the userid under which Polipo runs. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19940 |
published | 2005-10-06 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19940 |
title | Polipo < 0.9.9 Unspecified Traversal Arbitrary File Access |