Published:2005/10/28 Last Updated:2008/05/21
JVN#18282718
Hyper Estraier directory traversal/denial of service vulnerability
Overview
Hyper Estraier, a full text search system, contains a vulnerability in the process of creating index files.
Products Affected
- Versions earlier than Hyper Estraier Version 1.0.1 (Windows versions only)
Description
Impact
If a remote attacker sends a specially crafted file and a user saves it in a search target directory, the attacker could register a file not to be searched in an index when the user creats an index, or cause a denial of service.
Solution
References
JPCERT/CC Addendum
Credit
Yosuke Hasegawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2005-000793 |