HTTP GET request contains "dot dot dot" (HTTP_GET_Dotdotdot_Data)

About this signature or vulnerability

RealSecure Desktop Protector, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, BlackICE Agent for Server, RealSecure Sentry, RealSecure Guard, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Desktop, Proventia Network IDS, Proventia-G 1.1 and earlier, RealSecure Desktop Protector 3.6, Proventia Network IPS, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:

This signature detects HTTP GET requests that contain "/..." in the data.

This signature detects HTTP GET requests that contain "/..." in the argument data.
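
The check described above, sketched as an added example (not the vendor's signature code). It assumes "data" refers to the request path and "argument data" to the query string, and it goes beyond the literal match by percent-decoding first so that encoded dots are also seen; the function names and sample lines are constructed for illustration.

```python
from urllib.parse import unquote

PATTERN = "/..."  # the sequence named in the signature description


def _decode(value, rounds=3):
    """Percent-decode a bounded number of times (assumption: the sensor normalises input)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request_line(line):
    """Return which parts of a GET request line ('path', 'argument') contain '/...'."""
    parts = line.strip().split(" ")
    if len(parts) != 3 or parts[0] != "GET" or not parts[2].startswith("HTTP/"):
        return []  # only well-formed GET request lines are in scope
    path, _, query = parts[1].partition("?")
    hits = []
    if PATTERN in _decode(path):
        hits.append("path")
    if PATTERN in _decode(query):
        hits.append("argument")
    return hits


# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET /index.html HTTP/1.1",
    "GET /docs/../index.html HTTP/1.1",      # ordinary "dot dot": not this signature
    "GET /.../private/ HTTP/1.1",
    "GET /view?file=/.../notes.txt HTTP/1.1",
    "GET /%2e%2e%2e/private/ HTTP/1.1",      # same sequence, percent-encoded
    "POST /.../private/ HTTP/1.1",           # not a GET request
]


def scan(lines):
    """Map each flagged request line to the parts that matched."""
    results = {line: inspect_request_line(line) for line in lines}
    return {line: hits for line, hits in results.items() if hits}


if __name__ == "__main__":
    for line, hits in scan(SAMPLES).items():
        print(f"ALERT HTTP_GET_Dotdotdot_Data in {','.join(hits)}: {line}")
```

Because the match is a plain substring test, a legitimate URL that happens to contain "/..." is flagged as well, which fits the "Suspicious Activity" classification rather than a confirmed attack.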


Default risk level

Medium

Sensors that have this signature

RealSecure Desktop Protector: 3.6, RealSecure Server Sensor: 7.0, RealSecure Network: 7.0, BlackICE Server Protection: 3.6.cbd, BlackICE PC Protection: 3.6.cbd, BlackICE Agent for Server: 3.6, RealSecure Sentry: 3.6, RealSecure Guard: 3.6, Proventia Network MFS: 1.0, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.0, Proventia Desktop: 8.0.614.1, Proventia Network IDS: A Series, Proventia-G 1.1 and earlier: G Series, RealSecure Desktop Protector 3.6: baseline, Proventia Network IPS: 2.0, Proventia Server IPS for Linux technology: 1.0, RealSecure Desktop: baseline, Virtual Server Protection for Vmware: 1.0

Systems affected

Various vendors Any application, IETF HTTP/1.1

Type

Suspicious Activity

Vulnerability description

An attacker may attempt to traverse directories on vulnerable servers by using "dot dot" sequences in URLs (or, in this case, "dot dot dot" sequences), such as "/...". This could allow an attacker to view the contents of otherwise secure directories.

How to remove this vulnerability

No remedy available as of March 2002.

References

ISS X-Force
HTTP GET request contains "dot dot dot"
http://www.iss.net/security_center/static/8081.php