GEN:SID 1:806
Message WEB-CGI yabb directory traversal attempt
Summary This event is generated when an attempt is made to access a file outside the root directory of a webserver running YaBB.cgi.

Impact Information disclosure.
Detailed Information YaBB.cgi is widely used web-based BBS script. Due to input validation problems in YaBB, a remote attacker can traverse the directory structure and view any files and view any file that a webserver has access to.

This event indicates that a remote attacker has attempted to view a file outside the webservers root directory.
Affected Systems YaBB YaBB 9.1.2000
Attack Scenarios An attacker issues the following command on port 80 of the webserver:

GET http://target/cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../etc/passwd%00 HTTP/1.0
Ease of Attack Simple. No exploit software required.
Corrective Action Update to the latest non-affected version of the software.
Additional References  
Rule References arachnids: 462
bugtraq: 1668
cve: 2000-0853