PServ Remote Source Code Disclosure Vulnerability
BID:13638
Info
PServ Remote Source Code Disclosure Vulnerability
| Bugtraq ID: | 13638 |
| Class: | Design Error |
| CVE: |
CVE-2005-1366 |
| Remote: | Yes |
| Local: | No |
| Published: | May 16 2005 12:00AM |
| Updated: | Jul 12 2009 02:56PM |
| Credit: | Discovery is credited to Claus R. F. Overbeck <[email protected]>. |
| Vulnerable: |
Pserv Pserv 3.2 |
| Not Vulnerable: |
Pserv Pserv 3.3 |
Discussion
PServ Remote Source Code Disclosure Vulnerability
pServ is affected by a remote source code disclosure vulnerability.
When handling a specially-crafted URI request, the application discloses the source code of scripts in the 'cgi-bin' directory.
Information gathered through this attack could be used to launch further attacks against a system.
pServ is affected by a remote source code disclosure vulnerability.
When handling a specially-crafted URI request, the application discloses the source code of scripts in the 'cgi-bin' directory.
Information gathered through this attack could be used to launch further attacks against a system.
Exploit / POC
PServ Remote Source Code Disclosure Vulnerability
An exploit is not required.
The following proof of concept is available:
http://www.example.com/somedir/../cgi-bin/test.pl
An exploit is not required.
The following proof of concept is available:
http://www.example.com/somedir/../cgi-bin/test.pl
Solution / Fix
PServ Remote Source Code Disclosure Vulnerability
Solution:
pserv 3.3 is invulnerable to this issue.
Pserv Pserv 3.2
Solution:
pserv 3.3 is invulnerable to this issue.
Pserv Pserv 3.2
-
pServ pserv-3.3.tar.gz
http://prdownloads.sourceforge.net/pserv/pserv-3.3.tar.gz?download
References
PServ Remote Source Code Disclosure Vulnerability
References:
References:
- Pserv Home Page (Pserv)
- Pico Server (pServ) Information Disclosure Of CGI Sources ("Claus R. F. Overbeck"
)