Status:

Entry

Description:

AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.

Reference:

  • BUGTRAQ:19991229 AltaVista
  • BUGTRAQ:19991230 Follow UP AltaVista
  • BUGTRAQ:19991229 AltaVista followup and monitor script
  • BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability
  • BUGTRAQ:20000109 Altavista followup
  • BID:896
  • URL:http://www.securityfocus.com/bid/896
  • OSVDB:15
  • URL:http://www.osvdb.org/15
CVE IDProtocolSoursePortTargetPort
CVE-2000-0039tcpany80

Other Vulnerabilities:

Year CEV (3053)
Common Vulnerabilities
and Exposures
CAN (20174)
Candidate
1999CVE-1999 (821)CAN-1999 (749 )
2000CVE-2000 (808)CAN-2000 (423 )
2001CVE-2001 (625)CAN-2001 (934 )
2002CVE-2002 (643)CAN-2002 (1566)
2003CVE-2003 (81 )CAN-2003 (1236)
2004CVE-2004 (75 )CAN-2004 (2601)
2005-CAN-2005 (4825)
2006-CAN-2006 (6982)
2007-CAN-2007 (858 )