Acme thttpd Arbitrary World-Readable File Disclosure Vulnerability
BID:1737
Info
Acme thttpd Arbitrary World-Readable File Disclosure Vulnerability
| Bugtraq ID: | 1737 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 02 2000 12:00AM |
| Updated: | Oct 02 2000 12:00AM |
| Credit: | This vulnerability was submitted to bugtraq by ghandi <[email protected]> on Mon, 2 Oct 2000 |
| Vulnerable: |
Acme thttpd 2.19 Acme thttpd 2.18 Acme thttpd 2.17 Acme thttpd 2.16 |
| Not Vulnerable: |
Acme thttpd 2.20 |
Discussion
Acme thttpd Arbitrary World-Readable File Disclosure Vulnerability
Acme thttpd HTTP server includes a CGI program external to thttpd called "ssi", which provides the functionality of the built-in server-side-includes feature in some HTTP daemons.
Names of files to be filtered through the ssi script are passed to ssi via the PATH_TRANSLATED environment variable. Certain escape sequences are not properly filtered by ssi. As a result, by submitting malicious URLs (using hex-escaped ".." sequences to bypass filtering), an attacker can view arbitrary files in known locations anywhere on the web server.
Acme thttpd HTTP server includes a CGI program external to thttpd called "ssi", which provides the functionality of the built-in server-side-includes feature in some HTTP daemons.
Names of files to be filtered through the ssi script are passed to ssi via the PATH_TRANSLATED environment variable. Certain escape sequences are not properly filtered by ssi. As a result, by submitting malicious URLs (using hex-escaped ".." sequences to bypass filtering), an attacker can view arbitrary files in known locations anywhere on the web server.
Exploit / POC
Acme thttpd Arbitrary World-Readable File Disclosure Vulnerability
Currently the SecurityFocus staff are not aware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Acme thttpd Arbitrary World-Readable File Disclosure Vulnerability
Solution:
Acme Software has released version 2.20 of thttpd. FreeBSD released upgrades to fix this vulnerability.
Acme thttpd 2.19
Solution:
Acme Software has released version 2.20 of thttpd. FreeBSD released upgrades to fix this vulnerability.
Acme thttpd 2.19
-
Acme Software thttpd-2.20
http://www.acme.com/software/thttpd/thttpd-2.20.tar.gz
References
Acme thttpd Arbitrary World-Readable File Disclosure Vulnerability
References:
References:
- thttpd Homepage (Acme)