Directory Traversal
Directory Traversal is a malicious HTTP exploit that may enable attackers to gain access to restricted directories and data outside the normal Web server directory where the application content is stored. In some cases, malicious users can leverage this vulnerability to escalate privileges and execute commands remotely.
Directory traversal vulnerabilities can exist either in the Web server platform or in Web application code executed by the Web server, and they occur when input from browsers is not validated.
Implications of Directory Traversal
A system that is vulnerable to directory traversal enables an attacker to step out of the root directory and access other parts of the file system located on the Web server. This could give the attacker access to restricted files and databases or, more importantly, it could provide attackers with the ability to execute commands that can lead to data theft or destruction of the system at large.
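The validation that keeps a request inside the root directory can be sketched as follows. This is an added example, not code from Nexpose or from the original page; the function names, the temporary directory layout and the sample requests are constructed for illustration, and the symlink case goes slightly beyond what the text above describes.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


def resolve_under_root(web_root, requested):
    """Return the real path for `requested` if it stays inside `web_root`, else None."""
    root = Path(web_root).resolve()
    # Decode percent-encoding once, as the server does before touching the file system.
    decoded = unquote(requested)
    if "\x00" in decoded:
        return None  # NUL bytes never belong in a file name
    # Treat "..\" like "../", and drop leading slashes so the join stays relative.
    relative = decoded.replace("\\", "/").lstrip("/")
    # resolve() collapses ".." segments and follows symlinks to the real location.
    candidate = (root / relative).resolve()
    if candidate != root and root not in candidate.parents:
        return None  # the request stepped out of the web root
    return candidate


def demo():
    """Check constructed requests against a throwaway web root; True means served."""
    with tempfile.TemporaryDirectory() as base:
        root = Path(base) / "www"
        root.mkdir()
        (root / "index.html").write_text("ok")
        (Path(base) / "secret.txt").write_text("outside the web root")
        (root / "link").symlink_to(base)  # symlink inside the root pointing outside it
        # Constructed sample requests: two legitimate, five that try to leave the root.
        requests = [
            "index.html", "/index.html",
            "../secret.txt", "..%2fsecret.txt", "..\\secret.txt",
            "a/../../secret.txt", "link/secret.txt",
        ]
        return {r: resolve_under_root(root, r) is not None for r in requests}


if __name__ == "__main__":
    for request, served in demo().items():
        print(f"{'serve ' if served else 'reject'}  {request!r}")
```

The check is made on the fully resolved path rather than on the raw string, so encoded separators and symlinks are judged by where they actually lead.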
How Nexpose Helps
Nexpose can scan your Web server and applications for directory traversal as well as other Web vulnerabilities to provide you with a report on the risk posed to your organization and how to remediate the vulnerability.

