CVE-2004-2640

Name of the Vulnerable Software and Affected Versions LinuxStat versions prior to 2.3.1

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This can be achieved through the use of (1) .. (dot dot) sequences or (2) absolute paths to the template parameter.

Recommendations For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the lstat.cgi script until a patch is applied. Avoid using absolute paths or .. (dot dot) sequences in the template parameter to minimize the risk of exploitation.