CVE-2001-1152

Name of the Vulnerable Software and Affected Versions Baltimore Technologies WEBsweeper version 4.02

Description The issue allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL. This can be achieved through various methods, including using a // (double slash), a /SUBDIR/.. to access files in the parent directory, a /./, or URL-encoded characters.

Recommendations For version 4.02, consider implementing additional URL validation and sanitization to prevent attackers from bypassing blacklist restrictions. As a temporary workaround, restrict access to sensitive web servers and monitor URL requests for suspicious patterns.