| Mrtg/RRD
14all.cgi Path Disclosure Vulnerability
Type Input Validation Error Release Date February 4, 2002 Product / Vendor 14all.cgi is a CGI script to create html pages and graphics for Mrtg. http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg-rrd.html Summary If an attacker submits a web request containing unexpected arguments for script variables, an error message will be displayed containing the path to the webroot directory of the server running the Mrtg/RRD 14all.cgi script. http://host/mrtg.cgi?cfg=blabla Tested Mrtg/RRD 14all.cgi v1.1p15 Vulnerable Mrtg/RRD 14all.cgi v1.1p15 And may be other. Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author Tamer Sahin |