PC report vulnerability WEBROOT DIRECTORY TRAVERSAL

[Pern]

(http_inspect) PROTOCOL-OTHER HTTP server response before client request -- 2019-10-26 23:16:22
(http_inspect) WEBROOT DIRECTORY TRAVERSAL

this comes up in snort

webserver in dedicated server should not allow for directory contents or read files within webserver other than web files

this attack is coming from a host in vietnam 14.169.250.130

 

[®omano]

What do you mean? Anyone who access your webadmin adress will be served with the content of the page. What am I not understanding here? Also you are limited in what web server files you can request if not logged in I believe. I verified and I got 404 error when accessing a folder, or a login page when accessing the root. Please explain I'm curious.

 

[Pern]

snort blocked someone from accessing files within the webserver using another protocl other than http. which means someone was able to see files using another protocol which is bad. if I didnt have snort, that means that connection would have been successful.

at least that is what I am interpreting from snort using that rule to block that user from vietnam.

 

[®omano]

It blocked an attempt but did you try if that was possible to do Directory Traversal? I couldn't.

edit: I don't say an exploit doesn't exist, but it may simply be snort reporting an attempt and not a successful attempt.

 

[Pern]

got another attempt, this time from a russian ip

snort blocked it, but if I didnt have snort, would it be possible to exploit this?

 

[®omano]

As I said (but I'm not an expert especially with snort) an attempt has been blocked but that doesn't mean an exploit exists in web admin. That would be cool though to have TWI's insight on the matter..

@Yoshiro
@Kittenmittens