Roxen WebServer %00 Request File/Directory Disclosure Vulnerability
BID:1510
Info
| Bugtraq ID: | 1510 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 21 2000 12:00AM |
| Updated: | Jul 21 2000 12:00AM |
| Credit: | Discussed in a message posted to Bugtraq by <[email protected]>. |
| Vulnerable: | Roxen WebServer 2.0.X |
| Not Vulnerable: | Roxen WebServer 2.0.69; Roxen WebServer 1.4.X; Roxen WebServer 1.3.X; Roxen WebServer 1.2.X; Roxen WebServer 1.1.X |
Discussion
If a request containing the null character (%00) is made to the Roxen WebServer, the server returns directory contents and the source of unparsed scripts and HTML pages.
For example, a request to
http://www.server.com/%00
will return the contents of the server's document root directory.
Versions of Roxen WebServer 2.0 prior to 2.0.69 are affected.
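To check whether a server has already received such requests, the following added example (not part of the original advisory or of Roxen's code) scans access-log lines for request paths that decode to a null byte. It assumes Common Log Format, uses constructed sample lines, and goes slightly beyond the advisory by also flagging nested encodings such as %2500.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumed log layout (Common Log Format):
# host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def decodes_to_nul(target, max_rounds=3):
    """True if the path part of the request target contains a NUL byte after
    up to max_rounds of percent-decoding (%00, %2500, %252500 all match)."""
    data = target.split("?", 1)[0].encode("latin-1", "replace")
    for _ in range(max_rounds):
        if b"\x00" in data:
            return True
        decoded = unquote_to_bytes(data)
        if decoded == data:          # nothing left to decode
            return False
        data = decoded
    return b"\x00" in data

def find_null_byte_requests(lines):
    """Return (client, raw_target, status) for every matching log line."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m and decodes_to_nul(m.group(3)):
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits

# Constructed sample lines (documentation addresses, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jul/2000:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [21/Jul/2000:10:00:07 +0000] "GET /%00 HTTP/1.0" 200 2210',
    '192.0.2.44 - - [21/Jul/2000:10:00:09 +0000] "GET /page.html%00 HTTP/1.0" 200 5120',
    '192.0.2.51 - - [21/Jul/2000:10:02:30 +0000] "GET /docs/%2500 HTTP/1.0" 404 312',
    '192.0.2.10 - - [21/Jul/2000:10:03:00 +0000] "GET /search?q=%00 HTTP/1.0" 200 88',
]

if __name__ == "__main__":
    for client, target, status in find_null_byte_requests(SAMPLE_LOG):
        print(f"{client} requested {target!r} -> HTTP {status}")
```

A 200 response to a flagged request on an unpatched 2.0.x server is the case worth reviewing first; the query string is deliberately ignored because the advisory describes the null byte in the request path.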
Exploit / POC
http://www.server.com/[file]%00
Solution / Fix
Solution:
The recommended solution is to use the administration interface to update the server. Apply the 'Fix for "%00" vulnerability'.
A patch is also available for Roxen 2.0.x:
ftp://ftp.roxen.com/pub/roxen/patches/roxen_2.0.50-http.pike.patch
Although 1.3.122 is not affected by this specific vulnerability, Roxen has provided a patch to eliminate any further problems related to this issue:
ftp://ftp.roxen.com/pub/roxen/patches/roxen_1.3.122-http.pike.patch
The appropriate patch should be applied to server/protocols/http.pike. The server must be restarted for the fix to take effect.
Roxen WebServer 2.0.X
- Roxen WebServer 2.0.X http.pike patch
This patch can be applied as an alternative to using the administration interface and Roxen Update Server.
ftp://ftp.roxen.com/pub/roxen/patches/roxen_2.0.50-http.pike.patch