HighRealSecure Desktop, Proventia Network IPS, RealSecure Desktop Protector 3.6, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Network MFS, BlackICE PC Protection, BlackICE Server Protection, BlackICE Agent for Server, RealSecure Server Sensor, RealSecure Network, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This signature checks for a filename with a dot dot sequence in the Content-Disposition header field of a HTTP response.
High
RealSecure Desktop: baseline, Proventia Network IPS: 2.0, RealSecure Desktop Protector 3.6: baseline, Proventia-G 1.1 and earlier: XPU 22.29, Proventia Desktop: 8.0.614.1, Proventia Network IDS: XPU 22.29, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.0, Proventia Network MFS: XPU 1.27, BlackICE PC Protection: 3.6cpa, BlackICE Server Protection: 3.6.cpa, BlackICE Agent for Server: 3.6eof, RealSecure Server Sensor: XPU 22.29, RealSecure Network: XPU 22.29, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 1.0
IBM AIX, WindRiver BSDOS, SGI IRIX, Linux Kernel, Sun Solaris, IBM OS2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, Microsoft Windows 98, SCO SCO Unix, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Microsoft Windows 2003 Server, Apple Mac OS X
Unauthorized Access Attempt
The Filename parameter in the Content-Disposition header field allows the sender to suggest a file name. If an application blindly accepts this file name, a file name could be crafted that would allow an attacker to save the file to a known location on the victim's hard drive.
This check is for informational purposes only.
ISS X-Force
HTTP Content-Disposition file name directory traversal
http://www.iss.net/security_center/static/16757.php