Jeuce Personal Web Server Directory Traversal And Denial Of Service Vulnerabilities
BID:12183
Info
Jeuce Personal Web Server Directory Traversal And Denial Of Service Vulnerabilities
| Bugtraq ID: | 12183 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 06 2005 12:00AM |
| Updated: | Jan 06 2005 12:00AM |
| Credit: | Ziv Kamir <[email protected]> disclosed these vulnerabilities. |
| Vulnerable: |
Jeuce Personal Web Server 2.13 |
| Not Vulnerable: | |
Discussion
Jeuce Personal Web Server Directory Traversal And Denial Of Service Vulnerabilities
It is reported that Jeuce Personal Web Server is susceptible to remote directory traversal and denial of service vulnerabilities.
The directory traversal vulnerability is due to a failure of the application to properly sanitize user-supplied input data. This vulnerability reportedly allows remote attackers to retrieve the contents of arbitrary, potentially sensitive files located on the serving computer with the credentials of the affected server process.
The denial of service vulnerability reportedly allows remote attackers to cause the affected application to either crash, or refuse to service further requests.
Version 2.13 of Jeuce Personal Web Server is reportedly affected by these vulnerabilities. Other versions may also be affected.
It is reported that Jeuce Personal Web Server is susceptible to remote directory traversal and denial of service vulnerabilities.
The directory traversal vulnerability is due to a failure of the application to properly sanitize user-supplied input data. This vulnerability reportedly allows remote attackers to retrieve the contents of arbitrary, potentially sensitive files located on the serving computer with the credentials of the affected server process.
The denial of service vulnerability reportedly allows remote attackers to cause the affected application to either crash, or refuse to service further requests.
Version 2.13 of Jeuce Personal Web Server is reportedly affected by these vulnerabilities. Other versions may also be affected.
Exploit / POC
Jeuce Personal Web Server Directory Traversal And Denial Of Service Vulnerabilities
An example sufficient to trigger the directory traversal issue:
http://www.example.com/../winnt/repair/sam
An example sufficient to trigger the denial of service issue:
http://www.example.com/://
An example sufficient to trigger the directory traversal issue:
http://www.example.com/../winnt/repair/sam
An example sufficient to trigger the denial of service issue:
http://www.example.com/://
Solution / Fix
Jeuce Personal Web Server Directory Traversal And Denial Of Service Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Jeuce Personal Web Server Directory Traversal And Denial Of Service Vulnerabilities
References:
References:
- Personal Web Server Home Page (Jeuce)