CVE-2000-0705
published 2000-10-20CVE-2000-0705: ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.
PriorityP428medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
7.96%
94.0th percentile
ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| luca_deri | ntop | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2000-08-07·CVSS 5.0
CVE-2000-0705 [MEDIUM] security flaw
security flaw
ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Statement: This issue was fixed in the following product:
- Red Hat Powertools 6.2 - RHSA-2000:049 (2000-08-07)
GHSA
GHSA-p7c9-q84g-w8qj: ntop running in web mode allows remote attackers to read arbitrary files via a
ghsa_unreviewed·2022-04-30
CVE-2000-0705 [MEDIUM] GHSA-p7c9-q84g-w8qj: ntop running in web mode allows remote attackers to read arbitrary files via a
ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.
No detection rules found.
Exploit-DB
1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure
exploitdb·2001-06-21
CVE-2001-0705 1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure
1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure
---
source: https://www.securityfocus.com/bid/2902/info
1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility.
One of the components of this package, 'tradecli.dll', allows users to specify a template file, the contents of which will be output. There is no filtering on '..\' character sequences. As a result, remote users can specify an arbitrary file on the same drive as the webserver by 'traversing' outside of the web root directory.
This vulnerability may disclose sensitive information to attackers.
Exploit: http://host/script/tradecli.dll?template=..\..\..\..\..\path\to\file
Exploit-DB
Luca Deri ntop 1.2 a7-9 - Unauthorized File Retrieval
exploitdb·2000-08-02
CVE-2000-0705 Luca Deri ntop 1.2 a7-9 - Unauthorized File Retrieval
Luca Deri ntop 1.2 a7-9 - Unauthorized File Retrieval
---
source: https://www.securityfocus.com/bid/1550/info
ntop is a tool that shows the network usage, similar to what the popular top Unix command does. Starting ntop in web mode (with the -w parameter) starts ntop with it's own built in HTTP server, to allow remote access to the functions it provides. ntop does not properly authenticate requests and is vulnerable to a ../../ request whereby unauthorized files can be retrieved, including files which are only readable by root.
The default directory ntop serves HTML from is /etc/ntop/html so to retrieve /etc/shadow one can request the following URL: http://URL:port/../../shadow
http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.htmlhttp://www.osvdb.org/1496http://www.redhat.com/support/errata/RHSA-2000-049.htmlhttp://www.securityfocus.com/bid/1550http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.htmlhttp://www.osvdb.org/1496http://www.redhat.com/support/errata/RHSA-2000-049.htmlhttp://www.securityfocus.com/bid/1550
2000-10-20
Published