Back to search
CVE-2001-1152
Published: Mar 15, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.mimesweeper.com/support/technotes/notes/1043.asp
x_refsource_MISC
20010905 Various problems in Baltimore WebSweeper URL filtering
mailing-list
x_refsource_BUGTRAQ
3296
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now