Worm httpd Directory Traversal Vulnerability
BID:1626
Info
| Bugtraq ID: | 1626 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 25 2000 12:00AM |
| Updated: | Aug 25 2000 12:00AM |
| Credit: | Published in Delphis Consulting Advisory DST2K0023 on August 25, 2000. |
| Vulnerable: | Jeremy Arnold Worm Webserver 1.0 |
| Not Vulnerable: | |
Discussion
Worm httpd is a free webserver created by Jeremy Arnold (Wormonline Software). It is possible to request files outside of the webroot by using "double dots" to traverse parent directories. If an attacker knows the absolute path of a file on the system, it can be retrieved via exploitation of this vulnerability. This may lead to further compromise of the system.
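The missing access check can be illustrated with a short added example (not code from Worm httpd or from the advisory): a request path joined to the webroot unchecked, next to a resolver that canonicalizes the path and refuses anything that lands outside the webroot. The function names, directory layout and file names are assumptions constructed for the illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(webroot, url_path):
    """Vulnerable pattern: join the request path to the webroot unchecked."""
    return os.path.normpath(os.path.join(webroot, url_path.lstrip("/")))


def safe_resolve(webroot, url_path):
    """Return the canonical path under webroot, or None to refuse the request."""
    # Decode first so the check sees the same path the filesystem will.
    decoded = unquote(url_path.split("?", 1)[0])
    if "\x00" in decoded:
        return None
    # Treat "\" as a separator too, so the check holds on any host OS.
    relative = decoded.replace("\\", "/").lstrip("/")
    root = os.path.realpath(webroot)
    candidate = os.path.realpath(os.path.join(root, relative))
    try:
        # Containment test on the canonical path, after ".." and symlinks resolve.
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. different drives on Windows
        inside = False
    return candidate if inside else None


def demo():
    """Constructed layout: a webroot with a private file one level above it."""
    base = os.path.realpath(tempfile.mkdtemp())
    webroot = os.path.join(base, "wwwroot")
    os.mkdir(webroot)
    for path in (os.path.join(webroot, "index.html"), os.path.join(base, "private.txt")):
        open(path, "w").close()
    requests = ["/index.html", "/docs/../index.html", "/../private.txt"]
    return base, webroot, {r: (naive_resolve(webroot, r), safe_resolve(webroot, r)) for r in requests}


if __name__ == "__main__":
    for request, (naive, safe) in demo()[2].items():
        print(f"{request:22} naive={naive}  safe={safe}")
```

A request that uses double dots but still resolves inside the webroot is served normally; only a canonical path outside the webroot is refused.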
Exploit / POC
See discussion.
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].