• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • NeXpose Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• Advisories
• Vulnerabilities Tested
• Compliance
• White Papers & Articles
  • SQL Injection
  • Cross-Site Scripting
  • Directory Traversal
  • Public Hub Traffic
  • Modem Intruders
  • Infected Laptops
  • VPN Insecurity
  • Firewall Fallacies
• SSHredder Test Suite

Of further interest:

• NeXpose White Paper

Related services:

• Web Application Security Audits

Directory Traversal

Directory Traversal is a malicious HTTP exploit that enables attackers to execute commands and gain access to restricted directories and data outside the normal web server directory where the application content is stored. Directory traversal vulnerabilities can exist either in the Web server platform or in Web application code executed by the Web server and occur when input from browsers is not validated.

Implications of Directory Traversal

A system that is vulnerable to directory traversal enables an attacker to step out of the root directory and access other parts of the file system located on the Web server. This could give the attacker access to restricted files and databases or more importantly, it could provide attackers with the ability to execute commands that can lead to data theft or destruction of the system at large.

How NeXpose Helps

NeXpose can scan your web server and applications for directory traversal and other web vulnerabilities and give you a report on the risk to your organization and how to eliminate the exposure.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact