PServ Symbolic Link Information Disclosure Vulnerability
BID:13634
Info
PServ Symbolic Link Information Disclosure Vulnerability
| Bugtraq ID: | 13634 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1367 |
| Remote: | No |
| Local: | Yes |
| Published: | May 16 2005 12:00AM |
| Updated: | Jul 12 2009 02:56PM |
| Credit: | Discovered by Claus R. F. Overbeck <[email protected]>. |
| Vulnerable: |
Pserv Pserv 3.3 Pserv Pserv 3.2 |
| Not Vulnerable: | |
Discussion
PServ Symbolic Link Information Disclosure Vulnerability
pServ is prone to an information disclosure vulnerability through symbolic link files. This occurs because the application will follow symbolic links to files outside the Web root.
This issue was reported to affect pServ 3.2 and 3.3; other versions are likely vulnerable.
pServ is prone to an information disclosure vulnerability through symbolic link files. This occurs because the application will follow symbolic links to files outside the Web root.
This issue was reported to affect pServ 3.2 and 3.3; other versions are likely vulnerable.
Exploit / POC
PServ Symbolic Link Information Disclosure Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
PServ Symbolic Link Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PServ Symbolic Link Information Disclosure Vulnerability
References:
References:
- Pserv Home Page (Pserv)
- Pico Server (pServ) Local Information Disclosure ("Claus R. F. Overbeck"
)