Published:2005/03/08  Last Updated:2008/05/21

JVN#8BAAAB4E
msearch directory traversal vulnerability

Overview

msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers.

Products Affected

  • msearch ver. 1.50 and 1.51
  • Unicode version of msearch ver. 1.51

Description

Impact

A remote attacker could view msearch configuration files, index files, and other files written in the same format as these files.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
kiteya.net Vulnerable 2005/03/08
Unicode msearch Vulnerable 2005/03/08

References

JPCERT/CC Addendum

Credit

Other Information

JPCERT Alert
JPCERT Reports JPCERT-WR-2005-1101 JPCERT/CC REPORT 2005-03-16
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2005-000758

Update History