Published:2005/03/08 Last Updated:2008/05/21
JVN#8BAAAB4E
msearch directory traversal vulnerability
Overview
msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers.
Products Affected
- msearch ver. 1.50 and 1.51
- Unicode version of msearch ver. 1.51
Description
Impact
A remote attacker could view msearch configuration files, index files, and other files written in the same format as these files.
Solution
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| kiteya.net | Vulnerable | 2005/03/08 | |
| Unicode msearch | Vulnerable | 2005/03/08 |
References
JPCERT/CC Addendum
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports |
JPCERT-WR-2005-1101 JPCERT/CC REPORT 2005-03-16 |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2005-000758 |