|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-01-04 | |
| Rule Name: | Directory Traversal Detection - FTP Session | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The directory traversal vulnerability exploits Web applications to exploit operating system relative path jump characters such as... /) Lack of filtering issues resulting in directory traversal that can lead to arbitrary file access. This rule is used to detect suspicious directory traversal symbols in FTP sessions. | |
| Impact: | Through directory traversal attacks, an attacker can cause directory traversal, which may lead to any file access or upload. | |
| Affected OS: | Windows, Linux | |
| Reference: | SecurityFocusBID:12160 CVE-2004-1376 ExploitDB:16105 |
|
| Solutions |
|---|
| 1. Filter or escape the path entered by the user to ensure that the input does not contain special characters or path separators. 2. Standardize the file path entered by the user to ensure that the path conforms to the expected format and structure. 3. ensure that the file system permissions of Web servers and applications are set properly, and restrict access to sensitive files and directories. |