GEN:SID 1:1600
Message WEB-CGI htsearch arbitrary configuration file attempt
Summary This event is generated when an attempt is made to read a file on a host using a well known vulnerability in htdig.
Impact Severe. Unauthorized file access
Detailed Information Some versions of htdig allow inclusions to be made from configuration files as a parameter to the htsearch function. Any file can be included by enclosing it in single quotes ('foo').

Using this vulnerability, any single quoted input string (`....`) is included as an index file by htsearch. This allows an attacker to read any file on the host.

This event is generated when a request is made to the cgi script htsearch with file inclusion attempted. Refer to the rule with sid 1601 for further exploitation attempts.
Affected Systems HTDig versions 3.1.1, 3.1.2, 3.1.3, 3.1.4 and 3.2.0b1
Attack Scenarios An attacker can try to include a file in the search parameters for htdig by using the -c flag. For example:
http://www.foo.com/cgi-bin/htsearch?-c%60/anyfile%60
Ease of Attack Simple. No exploit scripts required
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References Bugtraq:
http://www.securityfocus.com/bid/1026
Rule References cve: 2000-0208