Rule: -- Sid: 1001 -- Summary: This event is generated when an attempt is made to exploit a vulnerability on an iCat Carbo Server. -- Impact: Serious. Information disclosure. -- Detailed Information: The iCat Carbo server, which is part of the Electronic Commerce Suite, does not properly check HTTP requests and will give access to any file object residing on the system when it receives a request such as http://target/carbo.dll?icatcommand=..\..\directory/filename.ext&catalogname=catalog -- Affected Systems: iCat Electronica Commerce Suite 3.0 -- Attack Scenarios: An attacker can view any file on the server, including sensitive password files. The information disclosed can then be used to facilitate further attacks on the system. -- Ease of Attack: Simple. -- False Positives: None known. -- False Negatives: None known. -- Corrective Action: None known. -- Contributors: Sourcefire Research Team Brian Caswell <bmc@sourcefire.com> Nigel Houghton <nigel.houghton@sourcefire.com> Snort documentation contributed by Josh Sakofsky -- Additional References: Bugtraq: http://www.securityfocus.com/bid/2126 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1069 --