e72303a922
The modified version of pull request #453. This addresses a couple of things including:

* Change the description to better explain what the vulnerability is. The advisory focuses the problem as an auth bypass, not DoS, although it can end up DoSing the server.
* The title and filename are changed as a result of matching that advisory's description.
* Use 'TARGETURI' option instead of 'URI'.
* The reset attempt needs to check if the directory actually has 401 in place, otherwise this may result in a false-positive.
* The last HTTP request needs to check a possible nil return value.
* More verbose outputs.

contentkeeper_fileaccess.rb
hp_web_jetadmin_exec.rb
intersil_pass_reset.rb
iomega_storcenterpro_sessionid.rb
jboss_seam_exec.rb
tomcat_administration.rb
tomcat_utf8_traversal.rb
trendmicro_dlp_traversal.rb
typo3_sa_2009_001.rb
typo3_sa_2009_002.rb
typo3_sa_2010_020.rb
typo3_winstaller_default_enc_keys.rb