Check Point Advisories

Security Best Practice: Protect Yourself from Directory Traversal

Check Point Reference: SBP-2006-15
Date Published: 16 Jul 2006
Severity: Critical
Last Updated: Sunday 01 January, 2006
Source: SmartDefense Research Center
Protection Provided by:
Who is Vulnerable? Web servers
Vulnerability Description: Directory traversal attacks allow hackers to access files and directories that should be out of their reach. This can allow viewing of directory listings, and in many attacks, could lead to running executable code on the web server with one simple URL.
Vulnerability Details: There are several techniques for launching a directory traversal attack. Most of them rely on an HTTP request containing a dot-dot-slash sequence such as "../.." to move up through the file system. For example, http://www.server.com/first/second/../../.. is illegal because it climbs above the root directory. More advanced attackers may encode the sequence when running attacks.
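An added example (not Check Point's code or SmartDefense logic) of the check the paragraph implies: decode the request path, then walk its segments and flag any request that climbs above the root. The three-round decoding bound, the backslash handling and every sample URL other than the page's own are assumptions made for illustration.

```python
from urllib.parse import unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # assumption: upper bound on nested percent-encoding layers


def decode_path(path: str) -> str:
    """Percent-decode until the path stops changing, so encoded dots and
    slashes (including double-encoded ones) are exposed before inspection."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    raise ValueError("path still changing after bounded decoding")


def escapes_root(url: str) -> bool:
    """Return True if the URL path climbs above the web root at any point."""
    try:
        path = decode_path(urlsplit(url).path)
    except ValueError:
        return True  # too many encoding layers: reject rather than guess
    path = path.replace("\\", "/")  # assumption: backslash may act as a separator
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue  # empty and current-directory segments do not move
        if segment == "..":
            depth -= 1
            if depth < 0:  # one more step up than there are directories
                return True
        else:
            depth += 1
    return False


# Constructed sample requests; only the first URL appears in the advisory.
SAMPLES = [
    "http://www.server.com/first/second/../../..",
    "http://www.server.com/first/second/../index.html",
    "http://www.server.com/first/%2e%2e/%2e%2e/file",
    "http://www.server.com/first/%252e%252e%252f%252e%252e/file",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print("BLOCK" if escapes_root(url) else "allow", url)
```

Tracking depth per segment, instead of searching for the literal string "../", is what lets the legitimate second sample through while the encoded third and fourth samples are still rejected.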

Protection Overview
