CIS WebServer Remote Directory Traversal Vulnerability
BID:12662
Info
| Bugtraq ID: | 12662 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 25 2005 12:00AM |
| Updated: | Feb 25 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to "CorryL" <[email protected]>. |
| Vulnerable: | CIS WebServer 3.5.13 |
| Not Vulnerable: | |
Discussion
A vulnerability has been identified in the handling of certain types of requests by CIS WebServer. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.
The problem is in the handling of directory traversal strings. This issue could be exploited to gain read access to files on a host using the vulnerable software.
Exploit / POC
The following example is available:
http://www.example.com/../../../windows/repair/sam
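How a server should treat a request like the one above, as an added example (not CIS WebServer code and not part of the original advisory): resolve the request target against the document root and refuse anything that lands outside it. The document root `C:\inetpub\wwwroot` and the function name `resolve_request_path` are assumptions made for the illustration; the check also covers percent-encoded and backslash forms, which goes beyond the single URL shown.

```python
import ntpath
from urllib.parse import unquote, urlsplit

# Assumed document root for the illustration; not taken from the advisory.
DOCROOT = r"C:\inetpub\wwwroot"


def resolve_request_path(url_or_path, docroot=DOCROOT):
    """Map a request target to a file under docroot, or None if it escapes.

    Windows path rules (ntpath) are used explicitly, so the check gives
    the same answer on whatever platform the example is run on.
    """
    raw = urlsplit(url_or_path).path
    # Decode once, as a server does before touching the filesystem, so
    # %2e%2e%2f and %5c are judged as the characters they stand for.
    decoded = unquote(raw)
    if "\x00" in decoded or ":" in decoded:
        return None  # NUL truncation, drive letters, alternate data streams
    # Treat both separators alike and drop leading ones, so the join below
    # cannot be reset by an absolute or UNC-style path.
    relative = decoded.replace("/", "\\").lstrip("\\")
    root = ntpath.normpath(docroot)
    candidate = ntpath.normpath(ntpath.join(root, relative))
    # Containment is tested on the normalized result. Stripping "../" from
    # the raw string is not a substitute for this comparison.
    root_cmp = ntpath.normcase(root)
    cand_cmp = ntpath.normcase(candidate)
    if cand_cmp == root_cmp or cand_cmp.startswith(root_cmp + "\\"):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed sample requests; the first is the URL from the advisory.
    samples = [
        "http://www.example.com/../../../windows/repair/sam",
        "/%2e%2e/%2e%2e/windows/repair/sam",
        "/..%5c..%5cwindows%5crepair%5csam",
        "/docs/../index.html",
    ]
    for s in samples:
        print(s, "->", resolve_request_path(s) or "REJECTED (403)")
```
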
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- CIS WebServer Directory Traversal Bug ("CorryL")